EMS Administration Guide

Viewing Sandbox event details

You can view a detailed report about a Sandbox event. EMS retrieves the report from FortiSandbox.

Note

This option is only available when you use an on-premise FortiSandbox appliance and have configured a username and password for it in the endpoint profile. FortiSandbox Cloud does not support this option. See Sandbox Detection.

  1. Go to Endpoints, and select All Domains, a domain, or workgroup. The list of endpoints for the selected domain or workgroup displays.
  2. Click an endpoint. Details about the endpoint display in the content pane.
  3. On the Sandbox Events tab, click the magnifying glass icon beside the desired Sandbox event. EMS displays a detailed report about the Sandbox event.

  4. Click Process Tree. For some events, you can see a graphical representation of the processes that the malware created on FortiSandbox.
