
UTM Destek

FORTI SANDBOX

FortiSandbox is a product that provides advanced threat protection, works in integration with Fortinet products, and delivers fast responses to threats. It protects against malware and other threats.

Broad Coverage of the Attack Surface

It provides full protection against real-time threats, even in expandable architectures. It protects the network at the endpoint-device and application layers.

Zero-Day Protection

Through its partnerships with third-party vendors, Fortinet provides zero-day protection via APIs.

Sandbox Malware Analysis

Known sandbox protection is a two-step process. Threats and risky files are analyzed against Fortinet's antivirus database; in the second step, the analysis completes and protection is provided.

In addition, FortiGate, FortiMail, FortiWeb, and FortiClient are integrated with third-party vendors' API sets.

FEATURES SUMMARY

FORTISANDBOX 1000D

ADMINISTRATION

Supports WebUI and CLI configurations

Multiple administrator account creation

Configuration file backup and restore

Notification email when malicious file is detected

Weekly report to global email list and FortiGate administrators

Centralized search page which allows administrators to build customized search conditions

Frequent signature auto-updates

Automatic check for and download of new VM images

VM status monitoring

RADIUS authentication for administrators

NETWORKING / DEPLOYMENT

Static Routing Support

File Input: Offline/sniffer mode, On-demand file upload, file submission from integrated device(s)

Option to create simulated network for scanned file to access in a closed network environment

High-Availability Clustering support

Port monitoring for fail-over in a cluster

SYSTEM INTEGRATION

File Submission input: FortiGate, FortiClient (ATP agent), FortiMail, FortiWeb

File Status Feedback and Report: FortiGate, FortiClient, FortiMail, FortiWeb

Dynamic Threat DB update: FortiGate, FortiClient, FortiMail
– Periodically push dynamic DB to registered entities
– File checksum and malicious URL DB

Update Database proxy: FortiManager

Remote Logging: FortiAnalyzer, syslog server

JSON API to automate the process of uploading samples and downloading actionable malware indicators to remediate

Certified third-party integration: CarbonBlack, Ziften

Inter-sharing of IOCs between FortiSandboxes

ADVANCED THREAT PROTECTION

Virtual OS Sandbox:
– Concurrent instances
– OS type supported: Windows XP*, Windows 7, Windows 8.1, Windows 10, macOS, and Android
– Anti-evasion techniques: sleep calls, process, and registry queries
– Callback Detection: malicious URL visit, botnet C&C communication, and attacker traffic from activated malware
– Download Capture packets, Original File, Tracer log, and Screenshot

* Supported in a custom VM

File type support: .7z, .ace, .apk, .arj, .bat, .bz2, .cab, .cmd, .dll, .doc, .docm, .docx, .dot, .dotm, .dotx, .exe,
.gz, .htm, html, .jar, .js, .kgb, .lnk, .lzh, Mach-O, .msi, .pdf, .pot, .potm, .potx, .ppam, .pps, .ppsm, .ppsx, .ppt,
.pptm, .pptx, .ps1, .rar, .rtf, .sldm, .sldx, .swf, .tar, .tgz, .upx, url, .vbs, WEBLink, .wsf, .xlam, .xls, .xlsb, .xlsm,
.xlsx, .xlt, .xltm, .xltx, .xz, .z, .zip

Protocols/applications supported:
– Sniffer mode: HTTP, FTP, POP3, IMAP, SMTP, SMB
– Integrated mode with FortiGate: HTTP, SMTP, POP3, IMAP, MAPI, FTP, IM and their equivalent SSL-encrypted versions
– Integrated mode with FortiMail: SMTP, POP3, IMAP
– Integrated mode with FortiWeb: HTTP
– Integrated mode with ICAP Client: HTTP

Customize VMs for supporting various file types

Isolate VM image traffic from system traffic

Network threat detection in Sniffer Mode: Identify Botnet activities and network attacks, malicious URL visit

Scan SMB/NFS network share and quarantine suspicious files. Scan can be scheduled

Scan embedded URLs inside document files

Integration option for third-party YARA rules

Option to auto-submit suspicious files to cloud service for manual analysis and signature creation

Option to forward files to a network share for further third-party scanning

File checksum whitelist and blacklist option

URL submission for scan and query from emails and files

MONITORING AND REPORT

FORTISANDBOX 1000D

Hardware

Form Factor: 2 RU
Total Network Interfaces: 6x GE RJ45 ports, 2x GE SFP slots
Storage: 2x 2 TB
Power Supplies: 2x Redundant PSU

SYSTEM PERFORMANCE

VM Sandboxing (Files/Hour): 160
AV Scanning (Files/Hour): 6,000
Number of VMs: 8
Sniffer Throughput: 1 Gbps

Dimensions

Height x Width x Length (inches): 3.5 x 17.2 x 14.5
Height x Width x Length (cm): 89 x 437 x 368
Weight: 27.60 lbs (12.52 kg)

Environment

Power Consumption (Average / Maximum): 115 / 138 W
Maximum Current: 100V/5A, 240V/3A
Heat Dissipation: 471 BTU/h
Power Source: 100–240V AC, 60–50 Hz
Humidity: 5–95% non-condensing
Operation Temperature Range: 32–104°F (0–40°C)
Storage Temperature Range: -13–158°F (-25–70°C)

Compliance

Certifications: FCC Part 15 Class A, C-Tick, VCCI, CE, BSMI, KC, UL/cUL, CB, GOST