Fortinet black logo

Administration Guide

Home FortiSandbox 4.2.4 Administration Guide
4.2.4
4.4.5
4.4.4
4.4.3
4.4.2
4.4.1
4.4.0
4.2.7
4.2.6
4.2.5
4.2.4
4.2.3
4.2.2
4.2.1
4.2.0
4.0.5
4.0.4
4.0.3
4.0.2
4.0.1
4.0.0
3.2.4
3.2.3
3.2.2
3.2.1
3.2.0
3.1.5
3.1.4
3.1.3
3.1.2
3.1.1
3.1.0
3.0.7
3.0.6

Adapter

Adapter

FortiSandbox uses adapters to connect to third-party products such as Carbon Black/Bit9 server, ICAP, and mail gateway clients.

With an adapter, FortiSandbox can analyze files downloaded from the Carbon Black server to send notifications of file verdict back to the server, or receive HTTP messages from an ICAP client and return a response to it.

FortiSandbox supports mail adapters to receive forwarded emails from an upstream email gateway and scan them. FortiSandbox extracts email attachments and URLs in an email body and sends them to the job queue.

You can use the MTA adapter to inspect and quarantine suspicious emails. For more information, see MTA adapter and the FortiSandbox user guide in the AWS marketplace.

The BCC adapter is for information only, it does not block emails.

FortiSandbox creates the ICAP, BCC, and MTA adapters which cannot be deleted. They are disabled by default.

The following options are available:

Create New

Create a new adapter.

Edit

Edit an adapter.

Delete

Delete an adapter.

You cannot delete the ICAP, BCC, or MTA adapter.

Test Connection

If available, click this button to test the selected entry's connection. The banner at the top displays the result.

This page displays the following information:

Adapter Name

Adapter name.

Vendor Name

Vendor name.

Serial

Serial number.

FQDN/IP

FQDN/IP address.

This field is empty for the ICAP, BCC, and MTA adapter.

Malicious

File and URL count of Malicious rating from this adapter in the last seven days.

High

File and URL count of High Risk rating from this adapter in the last seven days.

Medium

File and URL count of Medium Risk rating from this adapter in the last seven days.

Low

File and URL count of Low Risk rating from this adapter in the last seven days.

Clean

File and URL count of Clean rating from this adapter in the last seven days.

Other

File and URL count of Other rating from this adapter in the last seven days.
To create an adapter:
  1. Go to Security Fabric > Adapter.
  2. Click the Create New button from the toolbar.
  3. Configure the following and click OK.

    Vendor Name

    Select Carbon Blaclk/Bit9.

    Adapter Name

    Enter the adapter name.

    Server FQDN/IP

    Enter the FQDN/IP address of the Carbon Black server.

    Token

    Enter the token string. Authentication token is assigned by the Carbon Black server.

    Timeout (seconds)

    Enter the timeout value.

    Serial

    Auto-generated serial number for this adapter. It works as a device serial number to denote file's input device.

After you create a Carbon Black adapter, FortiSandbox tries to communicate with the Carbon Black server. If the connection and authentication is successful, the status column shows a green icon, otherwise it shows a red icon.

To troubleshoot communication problems with an adapter, use this CLI command:

diagnose-debug [adapter_cb | adapter_icap | adapter_bcc | adapter_mta_relay | adapter_mta_mail]

Previous
Next

Adapter

FortiSandbox uses adapters to connect to third-party products such as Carbon Black/Bit9 server, ICAP, and mail gateway clients.

With an adapter, FortiSandbox can analyze files downloaded from the Carbon Black server to send notifications of file verdict back to the server, or receive HTTP messages from an ICAP client and return a response to it.

FortiSandbox supports mail adapters to receive forwarded emails from an upstream email gateway and scan them. FortiSandbox extracts email attachments and URLs in an email body and sends them to the job queue.

You can use the MTA adapter to inspect and quarantine suspicious emails. For more information, see MTA adapter and the FortiSandbox user guide in the AWS marketplace.

The BCC adapter is for information only, it does not block emails.

FortiSandbox creates the ICAP, BCC, and MTA adapters which cannot be deleted. They are disabled by default.

The following options are available:

Create New

Create a new adapter.

Edit

Edit an adapter.

Delete

Delete an adapter.

You cannot delete the ICAP, BCC, or MTA adapter.

Test Connection

If available, click this button to test the selected entry's connection. The banner at the top displays the result.

This page displays the following information:

Adapter Name

Adapter name.

Vendor Name

Vendor name.

Serial

Serial number.

FQDN/IP

FQDN/IP address.

This field is empty for the ICAP, BCC, and MTA adapter.

Malicious

File and URL count of Malicious rating from this adapter in the last seven days.

High

File and URL count of High Risk rating from this adapter in the last seven days.

Medium

File and URL count of Medium Risk rating from this adapter in the last seven days.

Low

File and URL count of Low Risk rating from this adapter in the last seven days.

Clean

File and URL count of Clean rating from this adapter in the last seven days.

Other

File and URL count of Other rating from this adapter in the last seven days.
To create an adapter:
  1. Go to Security Fabric > Adapter.
  2. Click the Create New button from the toolbar.
  3. Configure the following and click OK.

    Vendor Name

    Select Carbon Blaclk/Bit9.

    Adapter Name

    Enter the adapter name.

    Server FQDN/IP

    Enter the FQDN/IP address of the Carbon Black server.

    Token

    Enter the token string. Authentication token is assigned by the Carbon Black server.

    Timeout (seconds)

    Enter the timeout value.

    Serial

    Auto-generated serial number for this adapter. It works as a device serial number to denote file's input device.

After you create a Carbon Black adapter, FortiSandbox tries to communicate with the Carbon Black server. If the connection and authentication is successful, the status column shows a green icon, otherwise it shows a red icon.

To troubleshoot communication problems with an adapter, use this CLI command:

diagnose-debug [adapter_cb | adapter_icap | adapter_bcc | adapter_mta_relay | adapter_mta_mail]

Previous
Next