You can view a detailed report about a Sandbox event. EMS retrieves the report from FortiSandbox.
This option is only available when using an on-premise FortiSandbox appliance that you have configured a username and password for in the endpoint profile. FortiSandbox Cloud does not support this option. See Sandbox Detection.
- Go to Endpoints, and select All Domains, a domain, or workgroup. The list of endpoints for the selected domain or workgroup displays.
- Click an endpoint to display details about it in the content pane. Details about the endpoint display in the content pane.
- On the Sandbox Events tab, click the magnifying glass icon beside the desired Sandbox event. EMS displays a detailed report about the Sandbox event.
- Click Process Tree. For some events, you can see a graphical representation of the processes that the malware created on FortiSandbox.