FortiSandbox
Version : FortiSandbox version 3.1.0 and later
FortiSandbox Cloud is a cloud-based managed option for businesses looking for a turnkey solution. It delivers the same rapid detection and automated response as the physical FortiSandbox appliance, but is accessed through the cloud, and provides unlimited flexibility to complement entry and mid-range FortiGates.
Netsurion Open XDR, when integrated with FortiSandbox, enables users to view critical information related to activities performed in FortiSandbox or other Fortinet devices. This information is represented in the form of report, alert and graphical/ pictorial representation (dashboard).
Flex reports contain a detailed overview of activities like net attack events, malware events and system logs for Forti devices, etc.
Alerts are provided as soon as any critical event is triggered by FortiSandbox. Such as, malware detected, virus detected.
From visual representation/ overview of top activities are being performed in FortiSandbox to malicious attachments, viruses and malware detection can be viewed on Netsurion Open XDR ‘dashboard’.
Once events are received into Netsurion Open XDR; reports, knowledge objects, categories and dashboards can be configured into Netsurion Open XDR.
Netsurion monitors all the FortiSandbox events from services like system events, malware events, and netattack events, etc., they are given as below.
- Security – Malware events and net attack events.
- Compliance – System events and mail traffic.
Once FortiSandbox is configured to deliver events to Netsurion Open XDR; alerts, dashboards, and reports can be configured into Netsurion Open XDR.
The following are the key Data Source Integration available in Netsurion Open XDR.
Alerts
| Type | Name | Description |
|---|---|---|
| Security | FortiSandbox – Malware detected | This alert is triggered when a mail attachment has malware files. |
Reports
| Type | Name | Description |
|---|---|---|
| Security | FortiSandbox – Netattack activities | This report includes the information of virus attack id, malware name, and attachment details. |
| Security | FortiSandbox – Malware activities | This report includes the information of attachments that has malware attachments, attachment detail. |
| Compliance | FortiSandbox – System activities | This report includes the information of user name, source IP address, destination IP address, access from, sender address, and receiver address. |
Documentation
The configuration details are consistent with Netsurion Open XDR 9.x and later, and FortiSandbox.
Download Integration Guide and How-to Guide for configuration instructions and more information.