Administration Guide

Threats by Files

On this page you can view and drill down into all threats, grouped by malware file. This page displays threats by filename, rating, and number of targeted users and hosts. Click the View Jobs icon or double-click an entry in the table to view the second level.

Threats by Files - level 1

The following options are available:

Time Period

Select the time period from the dropdown list. Select 24 Hours, 7 Days, or 4 Weeks.

Export Data

Click the Export Data button to create a PDF or CSV snapshot report. The time period of jobs included in the report depends on the selection made in the Time Period dropdown. The time to generate the report is dependent on the number of events selected. You can wait until the report is ready to view, or navigate away and find the report later in the Log & Report > Report Center page.

Search

Show or hide the search filter field.

Refresh

Click the Refresh icon to refresh the entries displayed after applying search filters.

Add Search Filter

Click the Search Filter field to add search filters. Click the Cancel icon to the left of the search filter to remove the specific filter. Click the Clear All Filters icon in the search filter field to clear all filters. When the filter Filename is used, click the = sign to toggle between the exact and pattern search.

Search filters can be used to filter the information displayed in the GUI.

View Jobs

Click the View Jobs icon to drill down into the entry.

Pagination

Use the pagination options to browse entries displayed.

This page displays the following information:

Filename (MD5)

The threat file name and MD5 of this file.

Rating

The file rating. Click the column header to sort the table by this column.

# of Source

The number of users affected. Click the column header to sort the table by this column.

Timeline

View the Threat Timeline Chart. When you hover over any dot, all victim hosts infected by that malware will appear in five minutes. When you click on any dot in the chart, all events associated will be displayed. When you click on an event, the View Details page will open.

Total Files

The number of files displayed and the total number of files.

Threats by Files - level 2

The following options are available:

Back

Click the Back icon to return to the main landing page.

Threat Timeline Chart

Displays the number and types of threats that occurred to the threat target during the period of time. Hover over the dots in the chart to view more detailed threat information.

Search

Show or hide the search filter field.

Refresh

Click the refresh icon to refresh the entries displayed after applying search filters.

Add Search Filter

Click the search filter field to add search filters. Click the cancel icon to the left of the search filter to remove the specific filter.

Search filters can be used to filter the information displayed in the GUI.

View Jobs

Click the View Jobs icon to drill down into the entry.

Pagination

Use the pagination options to browse entries displayed.

The following information is displayed:

Summary of

Summary information including the file name, source IP address, destination IP address, time period, download location, file type, threat type, submission information, and device information (if available). If the malware appears more than once, the information is from its most recent detection.

Details

Detail information including user IP address, destination IP address, and number of detection times. Select the View Jobs icon, or double-click the row, to drill down into the entry.

Threats by Files - level 3

The following options are available:

Back

Click the Back icon to return to the main landing page.

View Details

Select the View Details icon to view file information. The information displayed on the View Details page depends on the file type and risk level.

Perform Rescan

Click the icon to rescan the entry. For more information, see Perform Rescan > File Job Search.

Pagination

Use the pagination options to browse entries displayed.

When a file has been rescanned, the results of the rescan are displayed on this page. Select the job ID to view the job details.

The following information is displayed:

Detected

The date and time that the file was detected by FortiSandbox. Click the column header to sort the table by this column.

Filename

Displays the filename. If the rating is Malicious, clicking the filename can link to the FortiGuard Encyclopedia for more information.

Source

Displays the source IP address. Click the column header to sort the table by this column.

Destination

Displays the destination IP address. Click the column header to sort the table by this column.

Rating

Displays the file rating. Click the column header to sort the table by this column.

Total Jobs

The number of jobs displayed and the total number of jobs.

Threats by Files - level 4

For more information about the View Details pages for malicious and suspicious files, see File Statistics.

To create a snapshot report for all threats by files:
  1. Select a time period from the first dropdown list.
  2. Apply search filters to further drill down into the information in the report.
  3. Click the Export Data button in the toolbar.
  4. In the Report Generator, select either PDF or CSV for the report type.
  5. Click the Generate Report button to create the report. You can wait until the report is ready to view, or navigate away and find the report later on the Log & Report > Report Center page.
  6. When the report generation is completed, select the Download button to save the file to your management computer.
  7. Click the Cancel button to exit the report generator.

The maximum number of events you can export to a PDF report is 5000. The maximum number of events you can export to a CSV report is 150000. Jobs over that limit are not included in the report.
