
FortiSandbox analysis details in SOC view

Analysis details retrieved from FortiSandbox through the new FSA API are displayed under FortiSandbox Detection in SOC View.

  • In SOC > FortiView, select an entry from Threat > FortiSandbox Detection to enter a drilldown view.
  • In the FortiSandbox Detection drilldown view, click FortiSandbox Scan to display FortiSandbox execution details. There are three tabs: Overview, Details, and Tree View.

    • Overview displays basic information about the scanned file. You can click on the arrow to hide or show additional data.

    • Details includes several categories, including Behavior Chronology Chart, Indicators, MITRE ATTACK, File Operations, Registry Operations, Memory Operations, Network Operations, and PCAP Information.

      • In Behavior Chronology Chart, mouse over a dot on the chart to display operation details.
      • In Indicators, mouse over a color in the bar chart to display the indicator's score.

      • In MITRE ATTACK, use the pagination icons to view other pages, or use the search box to search for a string.

      • In File Operations, use the radio buttons to select different file operations.

      • In Registry Operations, use the radio buttons to select different registry operations.

      • In Memory Operations, use the radio buttons to select different memory operations.

    • Tree View:
      • Use the scroll wheel to zoom in and out of the displayed tree.

      • Click a file icon to show Process Information, Memory Operations, Network Operations, and more.
