Administration Guide

FortiView

The FortiView pages allow you to view and search threats detected by FortiSandbox.

The FortiView menu provides access to the following menus:

Operation Center

On this page you can view malware that has been detected, as well as its status from a security update perspective. This page displays severity levels, victim IP addresses, incident time, threat, and current action status.

Threats by Hosts

On this page you can view and drill down into all threats grouped by individuals or victim hosts in your organization. This page displays threats by user name or host IP address, the number of threats, the number of suspicious files (if available), and a button to show the victim's threat timeline chart. Select an entry in the table to view detailed information including attacker events, botnet events, and URL events.

Threats by Files

On this page you can view and drill down into all threats grouped by files. This page displays threats by file name, risk, and number of users. Select a file name in the table to view detailed information including user IP, destination, and number of detection times.

Threats by Devices

On this page you can view and drill down into all threats grouped by devices. This page displays threats by device, number of malicious files, and number of suspicious files. Select a device in the table to view detailed information including malware name, destination, domain, and number of detection times.

Event Calendar

A calendar view of major events, including user login/logout, scan condition changes, and threat detection.

File/URL Scan Search

Search file or URL scan jobs by detection time, file MD5, file name, file SHA1 or SHA256, job ID, malware name, rating, service, source IP, user, submit device, detection OS, etc. You can add multiple search criteria by clicking the search field. If the search criterion is the file name, you can also do a pattern search.

This section includes the following topics:
