
FortiSandbox

This integration is part of the Forti Sandbox Pack.

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

The FortiSandbox integration submits files to FortiSandbox for malware analysis and retrieves the analysis report. It can also provide a file rating based on hashes for files that have already been scanned.

Configure FortiSandbox on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for FortiSandbox.

  3. Click Add instance to create and configure a new integration instance.

    | Parameter | Description | Required |
    | --- | --- | --- |
    | Server URL | URL of the FortiSandbox server. | True |
    | Credentials | | True |
    | Password | | True |
    | Trust any certificate (not secure) | By default SSL certificate validation is enabled. | False |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

fortisandbox-simple-file-rating-sha256

Get file rating of SHA-256 checksum

Base Command

fortisandbox-simple-file-rating-sha256

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| checksum | SHA-256 checksum to check the rating. | Required |

Context Output

There is no context output for this command.

Command Example

Human Readable Output

fortisandbox-simple-file-rating-sha1

Get file rating of SHA-1 checksum

Base Command

fortisandbox-simple-file-rating-sha1

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| checksum | SHA-1 checksum to check the rating. | Required |

Context Output

There is no context output for this command.

Command Example

Human Readable Output

fortisandbox-url-rating

Get URL rating from FortiSandbox

Notice: Submitting indicators using this command might make the indicator data publicly available. See the vendor’s documentation for more details.

Base Command

fortisandbox-url-rating

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| url | Comma-separated URLs to get the URL rating for. | Required |

Context Output

There is no context output for this command.

Command Example

Human Readable Output

fortisandbox-get-file-verdict-detailed

Query file's verdict through its checksum (returns JSON)

Base Command

fortisandbox-get-file-verdict-detailed

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| checksum | Checksum value to query. | Required |
| checksum_type | Type of checksum - sha1 or sha256. Possible values are: sha1, sha256. | Required |

Context Output

There is no context output for this command.

Command Example

Human Readable Output

fortisandbox-upload-file

Upload file (on-demand submit)

Base Command

fortisandbox-upload-file

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| file_entry_id | Entry ID of the file to upload. | Required |
| archive_password | Password for archived/zipped files. | Optional |
| vm_csv_list | VMs to scan the file on, comma separated (e.g. WIN7X86VM,WINXPVM). | Optional |
| skip_steps | Do not use this parameter if there is no step to skip. 1 = Skip AV, 2 = Skip Cloud, 4 = Skip sandboxing, 8 = Skip Static Scan. | Optional |
| malpkg | Set the value to "1" to add the sample to the malware package if it satisfies the malware criteria. Default is 0. | Optional |
| sha256 | File SHA-256 used to get the scan report. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| FortiSandbox.Upload.SubmissionId | string | Submission ID of the file submission |
| FortiSandbox.Upload.FileName | string | File uploaded |
| FortiSandbox.Upload.SHA256 | string | SHA256 of the uploaded file, used for getting the report |
| FortiSandbox.Upload.Status | string | Scan status |

Command Example

Human Readable Output

fortisandbox-query-job-verdict

Query file scan verdict from FortiSandbox based on job ID

Base Command

fortisandbox-query-job-verdict

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| job_id | Scan job ID for the file. | Required |

Context Output

There is no context output for this command.

Command Example

Human Readable Output

fortisandbox-jobid-from-submission

Get job IDs from an uploaded submission using the submission ID

Base Command

fortisandbox-jobid-from-submission

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| submission_id | Submission ID of the uploaded file to scan. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| FortiSandbox.Upload.Status | string | Scan status |
| FortiSandbox.Upload.JobIds | string | Job IDs for the submission |

Command Example

Human Readable Output

fortisandbox-get-pdf-report

Get PDF report of scanned item

Base Command

fortisandbox-get-pdf-report

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| query_type | Select query method - job ID or sha256. Possible values are: jid, sha256. | Required |
| query_value | Enter query value - job ID value or SHA-256 hash of the file. | Required |

Context Output

There is no context output for this command.

Command Example

Human Readable Output

fortisandbox-upload-urls

Upload CSV URLs

Notice: Submitting indicators using this command might make the indicator data publicly available. See the vendor’s documentation for more details.

Base Command

fortisandbox-upload-urls

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| urls | Comma-separated URL values. | Required |

Context Output

There is no context output for this command.

Command Example

Human Readable Output