The following is a list of new features and enhancements in 3.2.0. For details, see the FortiDeceptor Administration Guide.
The auto deployment feature automates and simplifies decoy deployment by collecting network information regarding active assets, OS, services, and more. Understanding the network assets profile using automation provides a better deployment strategy.
The auto learning feature automates and simplifies lure deployment by learning the AD environment, keywords, sample organization files, and more to generate lure documents and lure configuration automatically.
FortiOS 6.4 and later provides an automation feature that accepts incoming webhook requests and triggers different actions, so that the incoming request is forwarded to all the Fabric devices for further processing. The webhook feature supports FortiOS 6.4 and later and third-party webhooks.
Use the new GEN-WEBHOOK to integrate with third-party security tools like firewalls, AV/EDR, NAC, and more.
The current REST-API integration method is still available for backward compatibility.
Web proxy support covers the FDS ARAE / IPS/AV package, web filter, deception OS image, and firmware image.
Added remote desktop (RDP) configuration (username, password, and IP address) to the endpoint Windows Credential Manager for luring the threat actor to engage with a Windows decoy instead of a real asset.
Added SMB network share configuration (username, password, and IP address) to the endpoint Windows Credential Manager for luring the threat actor to engage with a file server decoy instead of a real asset.
FortiDeceptor supports deployment in offline/air-gapped networks by allowing you to download and import all software components like deception OS VMs, firmware, FDS packages (IPS/AV/WEB), and licenses via the management console GUI or the support portal.
FortiDeceptor integrates with FortiManager to automatically download FDS packages (IPS/AV/WEB) using the FortiGuard override FDN configuration.