View sandbox analysis reports

In an external portal or in the local portal provided by your Forcepoint Advanced Malware Detection appliance, you can view detailed reports for files that have been analyzed by sandbox services.

When a file has been analyzed, log entries related to cloud sandbox or local sandbox scans include a link to the analysis report in the Scan Report field.

Note: You cannot view reports for log entries where the Scanner Details cell shows the message "Sandbox Analysis Pending".

By default, the SMC generates permanent links to sandbox analysis reports. Viewing sandbox analysis reports using permanent links does not require separate authentication in the external portal.

Note: To generate permanent links to sandbox analysis reports in log entries, the SMC makes an API query to the sandbox service. Make sure that traffic from the SMC to the API for the sandbox service is allowed. If necessary, add Access rules that allow traffic from the SMC to the sandbox data centers on TCP port 443.

If the API query to the sandbox service does not succeed, the SMC generates a unique dynamic link for each sandbox analysis report. To view sandbox analysis reports using a dynamic link, you must separately authenticate in the external portal.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Logs.
  2. From the Log Data Context drop-down list on the Query pane, select File Filtering, then click Apply.
    Only log entries related to file filtering events are shown.
  3. Right-click a log entry that shows Report Available in the Scan Report cell, then select Open Sandbox Report in Default Browser.
    The portal opens in a web browser.