FortiSandbox

Details
Content
Dependencies
Version History

FortiSandbox is an advanced security tool that goes beyond standard sandboxing. It combines proactive mitigation, enhanced threat detection, and in-depth reporting, using Fortinet's dynamic antivirus technology, dual-level sandboxing, and FortiGuard cloud integration to counter advanced threats. It effectively detects viruses, Advanced Persistent Threats (APTs), and malicious URLs, integrating seamlessly with existing Fortinet devices like FortiGate and FortiMail for comprehensive network protection.

Pack Contributors:

Lior Sabri

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

Pack Contributors:

Lior Sabri

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

Dashboards

Name	Description
FortiSandboxv2 API Execution Metrics

Integrations

Name	Description
FortiSandbox (Deprecated)	FortiSandbox integration is used to submit files to FortiSandbox for malware analysis and retrieving the report of the analysis. It can also provide file rating based on hashes for already scanned files. Deprecated. Use FortiSandboxv2 instead.
FortiSandbox v2	FortiSandbox is an advanced security tool that goes beyond standard sandboxing. It combines proactive mitigation, enhanced threat detection, and in-depth reporting, using Fortinet's dynamic antivirus technology, dual-level sandboxing, and FortiGuard cloud integration to counter advanced threats. It effectively detects viruses, Advanced Persistent Threats (APTs), and malicious URLs, integrating seamlessly with existing Fortinet devices like FortiGate and FortiMail for comprehensive network protection.

Name

Description

FortiSandbox (Deprecated)

FortiSandbox integration is used to submit files to FortiSandbox for malware analysis and retrieving the report of the analysis. It can also provide file rating based on hashes for already scanned files. Deprecated. Use FortiSandboxv2 instead.

FortiSandbox v2

Playbooks

Name	Description
FortiSandbox - Upload Multiple Files	Playbook used to upload files to FortiSandbox. Deprecated. Use `fortisandbox-submission-file-upload` instead.
Detonate File - FortiSandbox	Main playbook to upload submissions to FortiSandbox, poll for verdict. Deprecated. Use `fortisandbox-submission-file-upload` instead. and retrieve report
FortiSandbox - Loop For Job Verdict	Playbook used to retrieve the verdict for a specific job id for a sample. Deprecated. Use `fortisandbox-submission-file-upload` instead. submitted to FortiSandbox
FortiSandbox - Loop for Job Submissions	Playbook used to retrieve job id for submissions of fortisandbox using. Deprecated. Use `fortisandbox-submission-file-upload` instead. the submission id.

Widgets

Name	Description
API Call Results for FortiSandbox2

Integrations

Name	Description
FortiSandbox (Deprecated)	FortiSandbox integration is used to submit files to FortiSandbox for malware analysis and retrieving the report of the analysis. It can also provide file rating based on hashes for already scanned files. Deprecated. Use FortiSandboxv2 instead.
FortiSandbox v2	FortiSandbox is an advanced security tool that goes beyond standard sandboxing. It combines proactive mitigation, enhanced threat detection, and in-depth reporting, using Fortinet's dynamic antivirus technology, dual-level sandboxing, and FortiGuard cloud integration to counter advanced threats. It effectively detects viruses, Advanced Persistent Threats (APTs), and malicious URLs, integrating seamlessly with existing Fortinet devices like FortiGate and FortiMail for comprehensive network protection.

Name

Description

FortiSandbox (Deprecated)

FortiSandbox v2

Playbooks

Name	Description
Detonate File - FortiSandbox	Main playbook to upload submissions to FortiSandbox, poll for verdict. Deprecated. Use `fortisandbox-submission-file-upload` instead. and retrieve report
FortiSandbox - Upload Multiple Files	Playbook used to upload files to FortiSandbox. Deprecated. Use `fortisandbox-submission-file-upload` instead.

Required Content Packs (3)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (6)

Pack Name	Pack By
Filters And Transformers	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Rasterize	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR
Base	By: Cortex XSOAR

2.0.3 - 5308813 (October 8, 2025)

Integrations

FortiSandbox v2

Fixed an issue where URL indicators were not correctly identified in some cases.
Updated the Docker image to: demisto/python3:3.12.11.4819260.

Related pull requests:
- 41464

Download

2.0.2 - 4096037 (July 8, 2025)

Integrations

FortiSandbox v2

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40498

Download

2.0.1 - R3980324 (June 26, 2025)

Integrations

FortiSandbox v2

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37407
- 37402
- 37403
- 37405
- 37406
- 37404

Download

2.0.0 - 931860 (April 3, 2024)

Dashboards

New: FortiSandboxv2 API Execution Metrics

(Available from Cortex XSOAR 6.10.0).

Integrations

FortiSandbox (Deprecated)

Deprecated. Use FortiSandboxv2 instead.

New: FortiSandbox v2

New: FortiSandbox is an advanced security tool that goes beyond standard sandboxing. It combines proactive mitigation, enhanced threat detection, and in-depth reporting, using Fortinet's dynamic antivirus technology, dual-level sandboxing, and FortiGuard cloud integration to counter advanced threats. It effectively detects viruses, Advanced Persistent Threats (APTs), and malicious URLs, integrating seamlessly with existing Fortinet devices like FortiGate and FortiMail for comprehensive network protection.

Playbooks

Detonate File - FortiSandbox

Deprecated. Use fortisandbox-submission-file-upload instead.

FortiSandbox - Loop For Job Verdict

Deprecated. Use fortisandbox-submission-file-upload instead.

FortiSandbox - Loop for Job Submissions

Deprecated. Use fortisandbox-submission-file-upload instead.

FortiSandbox - Upload Multiple Files

Deprecated. Use fortisandbox-submission-file-upload instead.

Widgets

New: API Call Results for FortiSandbox2

(Available from Cortex XSOAR 6.10.0).

Related pull requests:
- 33716
- 33400

Download

1.0.5 - 5976562 (August 7, 2023)

Integrations

FortiSandbox

Documentation and metadata improvements.

Related pull requests:
- 28648

Download

2.0.3 - 5308813 (October 8, 2025)

Integrations

FortiSandbox v2

Fixed an issue where URL indicators were not correctly identified in some cases.
Updated the Docker image to: demisto/python3:3.12.11.4819260.

Related pull requests:
- 41464

Download

2.0.2 - 4096037 (July 8, 2025)

Integrations

FortiSandbox v2

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40498

Download

2.0.1 - R3980324 (June 26, 2025)

Integrations

FortiSandbox v2

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37407
- 37402
- 37403
- 37405
- 37406
- 37404

Download

2.0.0 - 933455 (April 3, 2024)

Integrations

FortiSandbox (Deprecated)

Deprecated. Use FortiSandboxv2 instead.

New: FortiSandbox v2

New: FortiSandbox is an advanced security tool that goes beyond standard sandboxing. It combines proactive mitigation, enhanced threat detection, and in-depth reporting, using Fortinet's dynamic antivirus technology, dual-level sandboxing, and FortiGuard cloud integration to counter advanced threats. It effectively detects viruses, Advanced Persistent Threats (APTs), and malicious URLs, integrating seamlessly with existing Fortinet devices like FortiGate and FortiMail for comprehensive network protection.

Playbooks

Detonate File - FortiSandbox

Deprecated. Use fortisandbox-submission-file-upload instead.

FortiSandbox - Upload Multiple Files

Deprecated. Use fortisandbox-submission-file-upload instead.

Related pull requests:
- 33716
- 33400

Download

1.0.5 - 5976562 (August 7, 2023)

Integrations

FortiSandbox

Documentation and metadata improvements.

Related pull requests:
- 28648

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	February 14, 2021
Last Release	October 8, 2025

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.