Fortinet Document Library

Version:


Table of Contents

6.2.1
Download PDF
Copy Link

FortiSandbox analysis details in SOC view

A lot of analysis details are retrieved from FortiSandbox and displayed in FortiSandbox Detection in SOC View using the new FSA API.

  • In SOC > FortiView, select an entry from Threat > FortiSandbox Detection to enter a drilldown view.
  • In the FortiSandbox Detection drilldown view, click FortiSandbox Scan to display FortiSandbox execution details. There are three tabs: Overview, Details, and Tree View.

    • Overview displays basic information about the scanned file. You can click on the arrow to hide or show additional data.

    • Details includes several categories, including Behavior Chronology Chart, Indicators, MITRE ATTACK, File Operations, Registry Operations, Memory Operations, Network Operations, and PCAP Information.

      • In Behavior Chronology Chart, mouse over a dot on the chart to display operation details.
      • In Indicators, mouse over a color in the bar chart to display the indicator's score.

      • In MITRE ATTACK, use the pagination icons to view other pages, or use the search box to search for a string.

      • In File Operations, use the radio buttons to select different file operations.

      • In Registry Operations, use the radio buttons select different registry operations.

      • In Memory Operations, use the radio buttons to select different memory operations.

    • Tree View:
      • Use the scroll wheel to zoom in and out of the displayed tree.

      • Click a file icon to show Process Information, Memory Operations, Network Operations, and more.

FortiSandbox analysis details in SOC view

A lot of analysis details are retrieved from FortiSandbox and displayed in FortiSandbox Detection in SOC View using the new FSA API.

  • In SOC > FortiView, select an entry from Threat > FortiSandbox Detection to enter a drilldown view.
  • In the FortiSandbox Detection drilldown view, click FortiSandbox Scan to display FortiSandbox execution details. There are three tabs: Overview, Details, and Tree View.

    • Overview displays basic information about the scanned file. You can click on the arrow to hide or show additional data.

    • Details includes several categories, including Behavior Chronology Chart, Indicators, MITRE ATTACK, File Operations, Registry Operations, Memory Operations, Network Operations, and PCAP Information.

      • In Behavior Chronology Chart, mouse over a dot on the chart to display operation details.
      • In Indicators, mouse over a color in the bar chart to display the indicator's score.

      • In MITRE ATTACK, use the pagination icons to view other pages, or use the search box to search for a string.

      • In File Operations, use the radio buttons to select different file operations.

      • In Registry Operations, use the radio buttons select different registry operations.

      • In Memory Operations, use the radio buttons to select different memory operations.

    • Tree View:
      • Use the scroll wheel to zoom in and out of the displayed tree.

      • Click a file icon to show Process Information, Memory Operations, Network Operations, and more.