FortiSandbox Flow
 
Static Scan:
- Rule matched : Suspicious(High/Medium/Low) -> End
- Rule did not match : Clean -> Goto AV Scan
 
AV Scan:
- Signature matched : Malicious -> End
- Signature did not match : Clean -> Goto Cloud Query
 
Cloud Query:
- Hash matched with Suspicious : Suspicious(High/Medium/Low) -> End
- Hash matched with Clean : Clean -> End
- Hash did not match : Clean -> End (if VM Scan is not supported for the file) or Goto VM Scan (if VM Scan is supported for the file)
 
VM Scan:
- Suspicious behavior was detected : Suspicious(High/Medium/Low) -> End
- Suspicious behavior was not detected : Clean -> End
- Other : Unknown -> End
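
The flow above as a small Python model, added here as an illustration (it is not FortiSandbox code; the field names, the "NoBehavior" marker and the `rate` function are assumptions). It returns the verdict together with the stages that actually ran, which makes visible that a final Clean can be reached at Cloud Query without the VM Scan ever running.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

RATINGS = ("High", "Medium", "Low")

@dataclass
class StageResults:
    """Constructed per-stage outcomes for one file (field names are assumptions)."""
    static_rating: Optional[str] = None  # rating if a static rule matched
    av_match: bool = False               # AV signature matched
    cloud: Optional[str] = None          # a rating, "Clean", or None if the hash is unknown
    vm_supported: bool = False           # VM Scan is supported for this file
    vm: Optional[str] = None             # a rating, "NoBehavior", or anything else

def rate(r: StageResults) -> Tuple[str, List[str]]:
    """Return (verdict, stages executed), stopping at the first stage that ends the flow."""
    path = ["Static Scan"]
    if r.static_rating in RATINGS:
        return f"Suspicious({r.static_rating})", path
    path.append("AV Scan")
    if r.av_match:
        return "Malicious", path
    path.append("Cloud Query")
    if r.cloud in RATINGS:
        return f"Suspicious({r.cloud})", path
    if r.cloud == "Clean" or not r.vm_supported:
        return "Clean", path  # known-clean hash, or unknown hash without VM Scan support
    path.append("VM Scan")
    if r.vm in RATINGS:
        return f"Suspicious({r.vm})", path
    if r.vm == "NoBehavior":
        return "Clean", path
    return "Unknown", path  # the "Other" branch of the VM Scan

if __name__ == "__main__":
    # Constructed sample inputs, one per interesting path through the flow.
    samples = {
        "static rule hit": StageResults(static_rating="Medium"),
        "AV signature hit": StageResults(av_match=True),
        "unknown hash, no VM support": StageResults(),
        "unknown hash, VM finds nothing": StageResults(vm_supported=True, vm="NoBehavior"),
        "unknown hash, VM result other": StageResults(vm_supported=True),
    }
    for name, results in samples.items():
        verdict, path = rate(results)
        print(f"{name:32s} {verdict:18s} {' -> '.join(path)}")
```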

 

 

 

FortiSandbox Custom VM
 

This is a custom VM that supports the Hangul word processor (HWP).

http://fsavm.fortinet.net/WIN7X86VM_HWP.pkg.7z 
Download the file, place it on an FTP server, and upload it with fw-upgrade as shown below.
>fw-upgrade -l -v -tftp -s192.168.200.100 -uadmin -padmin -f/VM/WIN7X86VM_HWP.pkg.7z

Uploading the default package
>fw-upgrade -l -v -tftp -sfsavm.fortinet.net -uanonymous -f/general/image/2.0.0/2015022118_vm.pkg.7z

ftp://fsavm.fortinet.net/general/image/2.0.0/2015022118_vm.pkg.7z


Uploading a custom package
> vm-customized -cn -tftp -s10.10.11.111 -uadmin -padmin1 -f/V5Win7EntSP1x64.vdi -oWindows7_64 -vCustHWP7

> vm-customized -cn -tftp -s192.168.234.223 -unicstech -pnics00 -f/V5Win7ProSP1x86/V5Win7ProSP1x86.vdi -k344ADE788168B08581349D71C8299AFA -voWindows7 -vnCustHWP

Uploading the meta file
> vm-customized -cf -tftp -s10.10.11.111 -uadmin -padmin1 -f/metafile.txt -vCustWin7-32
--2016-09-29 17:33:09--  ftp://10.10.11.111/metafile.txt
=> '/drive0/tmp/customizedvm.meta.tmp'
Connecting to 10.10.11.111:21... connected.
Logging in as admin ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done. ==> CWD not needed.
==> SIZE metafile.txt ... 108
==> PASV ... done. ==> RETR metafile.txt ... done.
Length: 108 (unauthoritative)

metafile.txt 100%[=============================================================================>] 108 --.-KB/s in 0.002s  

2016-09-29 17:33:09 (43.7 KB/s) - '/drive0/tmp/customizedvm.meta.tmp' saved [108]



Meta file
File name: metafile.txt
HWP NEO Viewer
Visual C++ Redistributor 2013
.NET Framework 4.0
Adobe Flash Player 22.0
Alzip 10.5

 

 
