FortiSandbox

Applies to: FortiSandbox version 3.1.0 and later

Overview

FortiSandbox Cloud is a cloud-based managed option for businesses looking for a turnkey solution. It delivers the same rapid detection and automated response as the physical FortiSandbox appliance, but is accessed through the cloud, and provides unlimited flexibility to complement entry and mid-range FortiGates.

EventTracker, when integrated with FortiSandbox, enables users to view critical information related to activities performed in FortiSandbox or other Fortinet devices. This information is represented in the form of report, alert and graphical/ pictorial representation(dashboard).

Flex reports contain a detailed overview of activities like net attack events, malware events and system logs for Forti devices, etc.

Alerts are provided as soon as any critical event is triggered by FortiSandbox. Such as, malware detected, virus detected.

From visual representation/ overview of top activities are being performed in FortiSandbox to malicious attachments, viruses and malware detection can be viewed on EventTracker ‘dashboard’.

Once events are received into EventTracker, Reports, Knowledge Objects, Categories and Dashboards can be configured into EventTracker.

EventTracker monitors all the FortiSandbox events from services like system events, malware events, and netattack events, etc., they are given as below.

• Security – Malware events and net attack events.
• Compliance – System events and mail traffic.

Once FortiSandbox is configured to deliver events to EventTracker; alerts, dashboards, and reports can be configured into EventTracker.

Scope

The configuration details are consistent with EventTracker version 9.x and later, and FortiSandbox v3.1.0 and later.

Documentation

To configure FortiSandbox to send logs to EventTracker, refer the How to Guide.

For more information, please refer the FortiSandbox Integration Guide.