FortiSandbox analysis details in SOC view
Additional analysis details are retrieved from FortiSandbox and displayed under FortiSandbox Detection in SOC View using the new FSA API.
- In SOC > FortiView, select an entry from Threat > FortiSandbox Detection to enter a drilldown view.
- In the FortiSandbox Detection drilldown view, click FortiSandbox Scan to display FortiSandbox execution details. There are three tabs: Overview, Details, and Tree View.
  - Overview displays basic information about the scanned file. Click the arrow to hide or show additional data.
  - Details includes several categories: Behavior Chronology Chart, Indicators, MITRE ATTACK, File Operations, Registry Operations, Memory Operations, Network Operations, and PCAP Information.
    - In Behavior Chronology Chart, mouse over a dot on the chart to display operation details.
    - In Indicators, mouse over a color in the bar chart to display the indicator's score.
    - In MITRE ATTACK, use the pagination icons to view other pages, or use the search box to search for a string.
    - In File Operations, use the radio buttons to select different file operations.
    - In Registry Operations, use the radio buttons to select different registry operations.
    - In Memory Operations, use the radio buttons to select different memory operations.
  - Tree View:
    - Use the scroll wheel to zoom in and out of the displayed tree.
    - Click a file icon to show Process Information, Memory Operations, Network Operations, and more.