Fortinet black logo

Administration Guide

Detection Devices

Copy Link
Copy Doc ID 94250e1c-2251-11ed-9eba-fa163e15d75b:732297
Download PDF

Detection Devices

The Detection Devices page allows you to configure integrations with FortiSandbox, Cuckoo Sandbox, and Virus Total devices.

FortiSandbox

The integration between FortiDeceptor and FortiSandbox will provide a complete static and dynamic analysis against malicious code captured by the network decoys. The malware analysis report will be available on the FortiDeceptor admin console.

To configure integration with FortiSandbox:
  1. Go to Fabric > Detection Devices.
  2. Enable FortiSandbox.
  3. Configure the following parameters:
    NameThe Fabric connector name
    IP/URLType the FortiSandbox IP address or URL
    PortType the FortiSandbox API port. (default is 443)
    UsernameType the API username. (please configure it on the Sandbox Console)
    PasswordType the API password. (please configure it on the Sandbox Console)
  4. Click on the Test button to ensure the API connection is working properly.
  5. Click Save to store the configuration

Cuckoo Sandbox

The integration between FortiDeceptor and Cuckoo Sandbox will provide a complete static and dynamic analysis against malicious code captured by the network decoys. The malware analysis report will be available on the FortiDeceptor admin console.

To configure integration with Cuckoo Sandbox:
  1. Go to Fabric > Detection Devices.
  2. Enable Cuckoo Sandbox .
  3. Configure the following parameters:
    NameThe Fabric connector name
    IP/URLType the Cuckoo Sandbox IP address or URL
    PortType the Cuckoo SandboxAPI port. (default is 1337)
    API Token Type the API Token located in the Cuckoo Sandbox's configuration file.
  4. Click on the Test button to ensure the API connection is working properly.
  5. Click Save to store the configuration

Virus Total

The integration between FortiDeceptor and the well-known Virus Total service allows the submission of suspicious files (MD5) for malware analysis. When integrated, Virus Total detection ratios will be displayed in the incident analysis alert Workflow for relevant events.

Virus Total engages with multiple service providers to perform the same file inspection. Some service providers return a score of 0, meaning it is not malware, whereas other providers return a score of 1, meaning it is malware. Virus Total then returns a ratio such as 15/36 that indicates 15 out of 36 service providers determined the file is malware.

To configure integration with VirusTotal:
  1. Join the VirusTotal Community.
  2. In your personal settings section find your personal API key in your personal settings section.
  3. Go to Fabric > Detection Devices.
  4. Enable VirusTotal.
  5. In VT API Key field enter the your Virus Total personal API key.
  6. Click Save.

Detection Devices

The Detection Devices page allows you to configure integrations with FortiSandbox, Cuckoo Sandbox, and Virus Total devices.

FortiSandbox

The integration between FortiDeceptor and FortiSandbox will provide a complete static and dynamic analysis against malicious code captured by the network decoys. The malware analysis report will be available on the FortiDeceptor admin console.

To configure integration with FortiSandbox:
  1. Go to Fabric > Detection Devices.
  2. Enable FortiSandbox.
  3. Configure the following parameters:
    NameThe Fabric connector name
    IP/URLType the FortiSandbox IP address or URL
    PortType the FortiSandbox API port. (default is 443)
    UsernameType the API username. (please configure it on the Sandbox Console)
    PasswordType the API password. (please configure it on the Sandbox Console)
  4. Click on the Test button to ensure the API connection is working properly.
  5. Click Save to store the configuration

Cuckoo Sandbox

The integration between FortiDeceptor and Cuckoo Sandbox will provide a complete static and dynamic analysis against malicious code captured by the network decoys. The malware analysis report will be available on the FortiDeceptor admin console.

To configure integration with Cuckoo Sandbox:
  1. Go to Fabric > Detection Devices.
  2. Enable Cuckoo Sandbox .
  3. Configure the following parameters:
    NameThe Fabric connector name
    IP/URLType the Cuckoo Sandbox IP address or URL
    PortType the Cuckoo SandboxAPI port. (default is 1337)
    API Token Type the API Token located in the Cuckoo Sandbox's configuration file.
  4. Click on the Test button to ensure the API connection is working properly.
  5. Click Save to store the configuration

Virus Total

The integration between FortiDeceptor and the well-known Virus Total service allows the submission of suspicious files (MD5) for malware analysis. When integrated, Virus Total detection ratios will be displayed in the incident analysis alert Workflow for relevant events.

Virus Total engages with multiple service providers to perform the same file inspection. Some service providers return a score of 0, meaning it is not malware, whereas other providers return a score of 1, meaning it is malware. Virus Total then returns a ratio such as 15/36 that indicates 15 out of 36 service providers determined the file is malware.

To configure integration with VirusTotal:
  1. Join the VirusTotal Community.
  2. In your personal settings section find your personal API key in your personal settings section.
  3. Go to Fabric > Detection Devices.
  4. Enable VirusTotal.
  5. In VT API Key field enter the your Virus Total personal API key.
  6. Click Save.