Administration Guide

Threats by Hosts

On this page you can view and drill down into all threats grouped by host. The host can be a user name or email address (if it is available) or a device that is the target of a threat. This page displays all threats that have occurred to the user or victim host during a time period. Click the View Jobs icon or double-click an entry in the table to view the second level.

Threats by Hosts - level 1

The following options are available:

Time Period

Select the time period from the dropdown list. Select 24 Hours, 7 Days, or 4 Weeks.

Export Data

Click the Export Data button to create a PDF or CSV snapshot report. You can wait until the report is ready to view, or navigate away and find the report later on the Log & Report > Report Center page.

Search

Show or hide the search filter field.

Refresh

Click the refresh icon to refresh the entries displayed after applying search filters.

Add Search Filter

Click the Search Filter field to add search filters. Click the Cancel icon to the left of the search filter to remove the specific filter. Click the Clear All Filters icon in the search filter field to clear all filters.

On this page, the threat target host or user name can be used as the search criteria. You can enter a partial value to search for all records that contain it.

Search filters can be used to filter the information displayed in the GUI.

View Job

Click the View Jobs icon to drill down into the entry.

Pagination

Use the pagination options to browse entries displayed.

This page displays the following information:

Host/Username

The device and user name that are the target of threats.

Note

A duplicate user name or host from a different VDOM is considered a different user.

Device Name

The device name.

# of Malicious Files

The number of unique malicious files associated with the user for the time period selected. Click the column header to sort the table by this column.

# of Suspicious Files

The number of unique suspicious files associated with the user for the time period selected. Click the column header to sort the table by this column.

# of Network Threats

The number of unique network threats (attacker, botnet, and suspicious URL events) associated with the user for the time period selected. Click the column header to sort the table by this column.

Timeline

View the Threat Timeline Chart. When you click any dot in the chart, all associated events are displayed. When you click an event, the View Details page opens.

Total Hosts

The number of hosts displayed and the total number of hosts.

Threats by Hosts - level 2

Double-click an entry in the table or click the View Jobs icon to view the second level.

The following information is displayed:

Back

Click the Back button to return to the main landing page.

Threat Timeline Chart

This chart displays the number and types of threats that occurred to the threat target during the time period. Hover the mouse pointer over a dot in the chart to display more detailed threat information.

Summary of

The following fields are displayed: Device, Threat Target, Time Period, Total Files, and the number of Malicious Files, Suspicious Files, and Network Events.

Details

Malicious Files

Malicious file information including malware name, Threat Source, and number of detection times. The options are:

  • Click the View Jobs icon to drill down into the entry.
  • Click the malware name to view the related FortiGuard Encyclopedia page.

Suspicious Files

Suspicious file information including file name, file type, rating, the malware hosting address, and number of detection times. Click the View Jobs icon to drill down into the entry.

Attacker Events

Attacker event information including backdoor name, attack origin address and port, attack destination address and port, and number of detection times.

Botnet Events

Botnet event information including botnet name, user IP address, user port, destination IP address, destination IP port and number of detection times.

URL Events

Suspicious URL event information including site category, host or IP address, URL, type, user IP address, user port and number of detection times.

Threats by Hosts - level 3

The following options are available:

Back

Click the Back button to return to the main landing page.

View Details

Click the View Details icon to view file information. The information displayed on the View Details page depends on the file type and risk level.

Perform Rescan

Click the icon to rescan the entry. For more information, see Perform Rescan > File Job Search.

Pagination

Use the pagination options to browse entries displayed.

The following information is displayed:

Malicious Files

Displays the date and time that the file was detected, malware name, source IP address, and destination IP address.

Click the malware name to view the related FortiGuard Encyclopedia page.

Suspicious Files

Displays the date and time that the file was detected, file type, rating, source IP address, destination IP address and number of detection times, if available.

Total Jobs

The number of jobs displayed and the total number of jobs.

Threats by Hosts - level 4

For more about the information available on the View Details pages for malicious and suspicious files, see Appendix B - Job Details page reference.

When a file has been rescanned, the results of the rescan are displayed on this page. Select the job ID to view the job details.

To create a snapshot report for all threats by users:
  1. Select a time period from the Time Period dropdown list.
  2. Click the Filter field to apply filters to further drill down the information in the report.
  3. Click the Export Data button in the toolbar.
  4. In the Report Generator, select either PDF or CSV for the report type.
  5. Click the Generate Report button to create the report.
  6. When the report generation is completed, select the Download button to save the file to your management computer. You can navigate away and find the report later on the Log & Report > Report Center page.
  7. Click the Cancel button to exit the report generator.

The maximum number of events you can export to a PDF report is 1000. The maximum number of events you can export to a CSV report is 15000. Jobs over that limit are not included in the report.
