What’s new in FortiDeceptor 3.2.0

The following is a list of new features and enhancements in 3.2.0. For details, see the FortiDeceptor Administration Guide.

Auto deployment mechanism for deception decoy deployment

The auto deployment feature automates and simplifies decoy deployment by collecting network information regarding active assets, OS, services, and more. Understanding the network assets profile using automation provides a better deployment strategy.

Lure content learn and discovery for auto lure deployment

The auto learning feature automates and simplifies lure deployment by learning the AD environment, keywords, sample organization files, and more to generate lure documents and lure configuration automatically.

FortiOS and third-party webhook

FortiOS 6.4 and later provides an automation feature that accepts incoming webhook requests and triggers different actions, so that the incoming request is forwarded to all the Fabric devices for further processing. The webhook feature supports FortiOS 6.4 and later and third-party webhooks.

Use the new GEN-WEBHOOK to integrate with third-party security tools like firewalls, AV/EDR, NAC, and more.

The current REST-API integration method is still available for backward compatibility.

Web proxy support for software download

Web proxy support includes support for FDS ARAE / IPS/AV package, web filter, deception OS image, and firmware image.

Improved lures

Added remote desktop (RDP) configuration (username, password, and IP address) to the endpoint Windows Credential Manager for luring the threat actor to engage with a Windows decoy instead of a real asset.

Added SMB network share configuration (username, password, and IP address) to the endpoint Windows Credential Manager for luring the threat actor to engage with a file server decoy instead of a real asset.

Deployment in offline or air-gapped networks

FortiDeceptor supports deployment in offline/air-gapped networks by allowing you to download and import all software components like deception OS VMs, firmware, FDS packages (IPS/AV/WEB), and licenses via the management console GUI or the support portal.

FortiDeceptor integrates with FortiManager to automatically download FDS packages (IPS/AV/WEB) using the FortiGuard override FDN configuration.
