Login
- Table of Contents
-
- 03-Monitor
- 01-Application analysis center
- 02-Blacklist logs
- 03-Single-packet attack logs
- 04-Scanning attack logs
- 05-Flood attack logs
- 06-Threat logs
- 07-Reputation logs
- 08-URL filtering logs
- 09-File filtering logs
- 10-Data filtering logs
- 11-Security policy logs
- 12-IPCAR logs
- 13-Sandbox logs
- 14-NAT logs
- 15-SSL VPN user access logs
- 16-SSL VPN access resource logs
- 17-Terminal status
- 18-DLP logs
- 19-Zero trust policy logs
- 20-Application audit logs
- 21-System logs
- 22-Configuration logs
- 23-Traffic logs
- 24-Load balancing logs
- 25-TopN traffic
- 26-Security policy hit analysis
- 27-TopN threats
- 28-TopN URL filtering statistics
- 29-TopN file filtering statistics
- 30-Attack defense statistics
- 31-Server load balancing statistics
- 32-Outbound link load balancing statistics
- 33-Transparent DNS proxy statistics
- 34-Connection rate ranking
- 35-DLP statistics
- 36-TopN traffic trends
- 37-Security policy hit trend analysis
- 38-TopN threat trends
- 39-TopN URL filtering trends
- 40-TopN file filtering trends
- 41-Link trend
- 42-Routing policy trends
- 43-Virtual server trend
- 44-Server farm trends
- 45-Real server trend
- 46-Domain Requested Times Trend
- 47-TopN file filtering trends
- 48-Online SSL VPN users trend
- 49-Botnet analysis
- 50-Asset security
- 51-Threat case management
- 52-Report settings
- 53-Session list
- 54-LB session information
- 55-DNS cache information
- 56-User information center
- 57-IPv4 online users
- 58-IPv6 online users
- 59-MAC authentication online users
- 60-Terminal status
- 61-Asset scan
- 62-Ping
- 63-Tracert
- 64-Packet capture
- 65-Webpage Diagnosis
- 66-Diagnostic Info
- 67-Packet trace
- 68-Load balancing test
- 69-IPsec diagnosis
- 70-Risk analysis
- 71-Content moderation logs
- 72-Content security top
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 13-Sandbox logs | 23.88 KB |
Sandbox logs
Introduction
The sandbox logs record the sandbox inspection results, including the basic information of packets and inspected files, and threats found in these files.
For more information about the values for the threat family and threat action fields, see "Appendix."
Restrictions and guidelines
The detailed information of sandbox logs is displayed only in JSON format.
The field value in the appendix varies by the software version of the sandbox.
Appendix
Table 1 Value for the threat family field
|
ID |
Threat family |
|
0 |
Others |
|
1 |
Viruses |
|
2 |
Trojans |
|
3 |
Worms |
|
4 |
Backdoors |
|
5 |
Ransomware |
|
6 |
Downloader |
|
7 |
Malicious advertisements |
|
8 |
Malicious scripts |
|
9 |
Macro viruses |
|
10 |
Malicious files with vulnerabilities |
|
11 |
Phishing |
|
12 |
Riskware |
|
13 |
Shell software |
|
14 |
Heuristic behaviors |
|
15 |
Digital currency |
|
16 |
Botnets |
|
17 |
APT intelligence |
|
18 |
Malicious DGA domain names |
Table 2 Value for the threat act field
|
ID |
Threat action |
|
1 |
Enable autorun after the device starts. |
|
2 |
Inject to other processes remotely. |
|
3 |
Reduce the firewall security level or add whitelist entries. |
|
4 |
Bypass User Account Control (UAC) to obtain the administrator privilege. |
|
5 |
Disable the system protection mechanism. |
|
6 |
Detect whether the antivirus software is installed or running in the system. |
|
7 |
Detect whether the file runs in the sandbox or is debugged by the debugger. |
|
8 |
Delete local files. |
|
9 |
DLL hijacking or image hijacking. |
|
10 |
Replace the file to be an EXE file or a DLL file. |
|
11 |
The file uses a name similar to a key process for counterfeiting. |
|
12 |
Infect the existing PE files. |
|
13 |
Load the driver. |
|
14 |
Modify the security policies of the IE browser. |
|
15 |
Add or modify a Windows account. |
|
16 |
Add or modify a Windows service. |
|
17 |
Suspicious network connection. |
|
18 |
Create a suspicious process and release a suspicious file. |
|
19 |
Release an executable program. |
|
20 |
Automatic shutdown, automatic restart or automatic logout. |
|
21 |
The PE file execution releases a script file. |
|
22 |
Modify the hosts file. |
|
23 |
Hook the key functions of the program. |
|
24 |
Promote the privilege of the program. |
|
25 |
The script file uses the PowerShell. |
|
26 |
Malicious network behaviors of the script file. |
|
27 |
Access sensitive files, such as the files storing the browser username and password. |
|
28 |
Using the Android software consumes the call charge. |
|
29 |
Malicious advertisements on the Android software. |
|
30 |
The Android software steals user privacy. |
|
31 |
File faking |
|
32 |
Modify the file hidden attribute. |
|
33 |
Malicious network behaviors of an executable file. |
|
34 |
Malicious shortcut files |
|
35 |
Suspicious macro viruses |
|
200 |
Viruses |
|
201 |
Spyware |
|
202 |
Worms |
|
203 |
Backdoors |
|
204 |
Ransomware |
|
205 |
Downloader |
|
206 |
Malicious advertisements |
|
207 |
Malicious scripts |
|
208 |
Malicious files with vulnerabilities |
|
209 |
Virus generator |
|
210 |
Shell software |
|
211 |
Heuristic behaviors |
|
212 |
Riskware |
|
213 |
Phishing |
|
214 |
Macro viruses |
|
215 |
Other threat types |
