Use a FortiDeceptor Token Package to add breadcrumbs on real endpoints and lure an attacker to a Decoy VM. Tokens are normally distributed within real endpoints and other IT assets on the network to maximize the deception surface.
- Go to Deception > Decoy & Lure Status.
- Select the Decoy VM by clicking its checkbox.
- To download the FortiDeceptor Token Package, click Download Package.
You can only download packages with valid IP addresses. A package must have a status of Initialized, Stopped, Running, or Failed.
- Copy the downloaded FortiDeceptor Token Package to an endpoint such as a Windows or Linux endpoint.
- Unzip the FortiDeceptor Token Package.
- In the folder for the OS, such as windows or ubuntu, follow the instructions in README.txt to install or uninstall the Token Package.
- For Windows, open the windows folder, right-click windows_token.exe and select Run as administrator.
- For Ubuntu, open Terminal and run python ./ubuntu_token.py.
When the FortiDeceptor Token Package is installed on a real Windows or Ubuntu endpoint, it increases the deception surface and lures the attacker to a Decoy VM.