Deploy the FortiDeceptor token package
Use a FortiDeceptor token package to add breadcrumbs on real endpoints and lure an attacker to a Decoy VM. Tokens are normally distributed within real endpoints and other IT assets on the network to maximize the deception surface.
The following token types are available.
To download a FortiDeceptor token package:
- Go to Deception > Decoy & Lure Status.
- Select the Decoy VM by clicking its checkbox.
- To download the FortiDeceptor token package, click Download Package.
  - You can only download packages with valid IP addresses.
  - A package must have a status of Initialized, Stopped, Running, or Failed.
To deploy or uninstall a FortiDeceptor token package on an existing endpoint:
We recommend that you uninstall previous tokens before installing the new version of the tokens, by following the uninstall instructions below.
Install the Visual C++ 2015 Redistributable package before installing the tokens on Windows 7. For more information, see Deploying tokens using AD GPO logon script.
- Copy the downloaded FortiDeceptor token package to an endpoint such as a Windows or Linux endpoint.
- Unzip the FortiDeceptor token package.
- In the folder for the OS, such as windows or ubuntu, follow the instructions in README.txt to install the token package.
  - For Windows: Open the windows folder, and click windows_token.exe to run it. ARP lures must be installed with administrator permission.
  - For Ubuntu: Open Terminal and run python ./ubuntu_token.py.
- In the folder for the OS, such as windows or ubuntu, uninstall the token package.
  - For Windows: Open the windows folder, delete the res folder, and double-click uninstall.bat to run it. ARP lures must be uninstalled with administrator permission.
  - For Ubuntu: Open Terminal, delete the res folder, and run python ./uninstall.py.
When the FortiDeceptor token package is installed on a real Windows or Ubuntu endpoint, it increases the deception attack surface and lures the attacker to a Decoy VM.