Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

Deployment Map

The Deployment Map is a visual representation of the entire network showing real endpoints and decoy VMs. Click a node on the map to view its details. Use Discover & Deploy to detect the OSes for all the assets on the network and automatically deploy decoys for those OSes.

If you know the IP of an endpoint or partition, you can search for it with the Locate By IP box.

The nodes on the map are color-coded by importance:

Node

Color

Description

Partition

White

Click the node to view the Network Partition ID, Interface port, and subnet.

Incident

Red

A glowing red node indicates the decoys have been attacked.

Click the node to view the Decoy ID, view incidents in the Analysis page.

Decoy

Pink

Click to start or stop the, view its configuration, save the decoy as a template, or delete it.

Lure

Coral

Click to view the Decoy type, Service, and data such as the username and password.

Endpoint

Green

Click to view the IP, MAC address, and OS.

Proposed

Yellow

Click a yellow node to edit its settings, generate lures, duplicate, or delete it.

Unavailable

Grey

FortiDeceptor cannot retrieve data for the asset.

Discover & Deploy

Use Discover & Deploy to detect the OSes for all the assets on the network. After the OSes are discovered, FortiDeceptor will attempt to create decoys to auto-fit the assets in the network.

To discover OSes and auto-deploy decoys:
  1. Click Discover & Deploy. The Discovery & Deployment dialog opens.
  2. Configure the discover settings.

    Select Networks to Scan Select the ports on the network you want to discover.
    Add Deployment Network Click to open the Add New Vlan/Subnet dialog. See Deployment Network.
    Additional TCP Scan Port Enter the additional scan ports. The default scan ports are 21, 22, 23, 25, 53, 69, 80, 110, 135, 137, 1378, 139, 143, 443, 445, 993, 995, 1433, 3306, 3389, 5900, 8080.
    Decoys per VLAN/Subnet Enter the number of decoys per VLAN based on the asset discovery results.
  3. Click Discover and wait a few minutes for the system to complete the discovery. The results are displayed.

    OS Covered The OSes FortiDeceptor can cover with a suitable decoy for auto-deployment.
    Total auto-deploy decoys The number of decoys that are suitable for auto-deployment.
    Total coverage The percentage of assets that will be covered by the deployment.
    Download assets list CSV Click to download the asset list as CSV file.
  4. Click Accept & Deploy. FortiDeceptor deploys the decoys.

Deployment Map

The Deployment Map is a visual representation of the entire network showing real endpoints and decoy VMs. Click a node on the map to view its details. Use Discover & Deploy to detect the OSes for all the assets on the network and automatically deploy decoys for those OSes.

If you know the IP of an endpoint or partition, you can search for it with the Locate By IP box.

The nodes on the map are color-coded by importance:

Node

Color

Description

Partition

White

Click the node to view the Network Partition ID, Interface port, and subnet.

Incident

Red

A glowing red node indicates the decoys have been attacked.

Click the node to view the Decoy ID, view incidents in the Analysis page.

Decoy

Pink

Click to start or stop the, view its configuration, save the decoy as a template, or delete it.

Lure

Coral

Click to view the Decoy type, Service, and data such as the username and password.

Endpoint

Green

Click to view the IP, MAC address, and OS.

Proposed

Yellow

Click a yellow node to edit its settings, generate lures, duplicate, or delete it.

Unavailable

Grey

FortiDeceptor cannot retrieve data for the asset.

Discover & Deploy

Use Discover & Deploy to detect the OSes for all the assets on the network. After the OSes are discovered, FortiDeceptor will attempt to create decoys to auto-fit the assets in the network.

To discover OSes and auto-deploy decoys:
  1. Click Discover & Deploy. The Discovery & Deployment dialog opens.
  2. Configure the discover settings.

    Select Networks to Scan Select the ports on the network you want to discover.
    Add Deployment Network Click to open the Add New Vlan/Subnet dialog. See Deployment Network.
    Additional TCP Scan Port Enter the additional scan ports. The default scan ports are 21, 22, 23, 25, 53, 69, 80, 110, 135, 137, 1378, 139, 143, 443, 445, 993, 995, 1433, 3306, 3389, 5900, 8080.
    Decoys per VLAN/Subnet Enter the number of decoys per VLAN based on the asset discovery results.
  3. Click Discover and wait a few minutes for the system to complete the discovery. The results are displayed.

    OS Covered The OSes FortiDeceptor can cover with a suitable decoy for auto-deployment.
    Total auto-deploy decoys The number of decoys that are suitable for auto-deployment.
    Total coverage The percentage of assets that will be covered by the deployment.
    Download assets list CSV Click to download the asset list as CSV file.
  4. Click Accept & Deploy. FortiDeceptor deploys the decoys.