Deploy Decoy VMs with the Deployment Wizard
Use the Deployment Wizard to create and deploy Decoy VMs on your network. Decoy VMs appear as real endpoints to hackers and can collect valuable information about attacks.
To deploy Decoys on the network:
- Go to Deception > Deployment Wizard.
- Click + to add a Decoy VM.
- Configure the following:
Name
Specify the name of the deployment profile. Maximum 15 characters using A-Z, a-z, 0-9, dash, or underscore. No duplicate profile names.
Available Deception OSes
Select a Deception OS.
Selected Services
Displays the selected services. You cannot edit this field.
-
For an Ubuntu VM, turn on SSH or SAMBA.
For Windows, turn on RDP or SMB.
For SCADA, turn on HTTP, FTP, TFTP, SNMP, MODBUS, S7COMM, BACNET, IPMI, TRICONEX, GUARDIAN-AST, or IEC104.
- Click Add Lure for the service and configure the following:
Username
Specify the username for the decoy. Maximum 19 characters using A-Z, a-z, or 0-9.
Do not set the username of the lures to be the same as existing usernames in the decoy, such as administrator for RDP/SMB services on Windows, or root for SSH/SAMBA services on Linux. Specify the password for the decoy in 1-14 non-unicode characters.
Sharename
This option is only available for SAMBA (Ubuntu) or SMB (Windows). Specify a Sharename in 3-63 characters using A-Z, a-z, or 0-9.
Update or Cancel
Click Update to save the username and password. Click Cancel to discard the username and password. Click Delete to delete an existing lure.
- To launch the decoy VM immediately, enable Launch Immediately.
- To reset the decoy VM after it detects incidents, enable Reset Decoy and specify the Reset Interval value in seconds.
- Click Next.
- The Hostname can start with an English character or a digit, and must not end with a hyphen. Maximum 15 characters using A-Z, a-z, 0-9, or hyphen (case-sensitive). Other symbols, punctuation, or white space are not allowed. The Hostname cannot conflict with decoy names.
- Click Add Interface.
- In the Add Interface for Decoy pane, select the Deploy Interface. Set this to the VLAN or subnet added in Set up the Deployment Network
- Configure the following settings in the Add Interface for Decoy pane:
- Click Done.
- To deploy the decoys on the network, click Deploy.
- To save this as a template in Deception > Deployment Wizard, click Template.