Detection Devices
The Detection Devices page allows you to configure integrations with FortiSandbox, Cuckoo Sandbox, and Virus Total devices.
FortiSandbox
The integration between FortiDeceptor and FortiSandbox provides complete static and dynamic analysis of malicious code captured by the network decoys. The malware analysis report is available on the FortiDeceptor admin console.
To configure integration with FortiSandbox:
- Go to Fabric > Detection Devices.
- Enable FortiSandbox.
- Configure the following parameters:
- Click on the Test button to ensure the API connection is working properly.
- Click Save to store the configuration.
Cuckoo Sandbox
The integration between FortiDeceptor and Cuckoo Sandbox provides complete static and dynamic analysis of malicious code captured by the network decoys. The malware analysis report is available on the FortiDeceptor admin console.
To configure integration with Cuckoo Sandbox:
- Go to Fabric > Detection Devices.
- Enable Cuckoo Sandbox.
- Configure the following parameters:
  - Name: The Fabric connector name.
  - IP/URL: Type the Cuckoo Sandbox IP address or URL.
  - Port: Type the Cuckoo Sandbox API port (default is 1337).
  - API Token: Type the API Token located in the Cuckoo Sandbox's configuration file.
- Click on the Test button to ensure the API connection is working properly.
- Click Save to store the configuration.
Virus Total
The integration between FortiDeceptor and the well-known Virus Total service allows the submission of suspicious files (MD5) for malware analysis. When integrated, Virus Total detection ratios will be displayed in the incident analysis alert Workflow for relevant events.
Virus Total engages with multiple service providers to perform the same file inspection. Some service providers return a score of 0, meaning it is not malware, whereas other providers return a score of 1, meaning it is malware. Virus Total then returns a ratio such as 15/36 that indicates 15 out of 36 service providers determined the file is malware.
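The ratio described above can be reproduced from a per-engine report, as in this added example (not FortiDeceptor code). It assumes the per-engine `last_analysis_results` layout of a VirusTotal API v3 file report; the page does not say which API version FortiDeceptor uses or how it treats engines that return no score, and the engine names and sample data are constructed.

```python
import hashlib
import json

# Constructed sample modelled on the per-engine section of a VirusTotal API v3
# file report (data.attributes.last_analysis_results). Engine names are made up.
SAMPLE_REPORT = json.loads("""
{"data": {"attributes": {"last_analysis_results": {
  "EngineA": {"category": "malicious",  "result": "Trojan.Generic"},
  "EngineB": {"category": "malicious",  "result": "W32.Dropper"},
  "EngineC": {"category": "undetected", "result": null},
  "EngineD": {"category": "harmless",   "result": null},
  "EngineE": {"category": "timeout",    "result": null},
  "EngineF": {"category": "type-unsupported", "result": null}
}}}}
""")

# Categories in which an engine actually returned a score.
SCORE_1 = {"malicious"}                              # "it is malware"
# Assumption: "suspicious" is counted as a returned score that is not 1.
SCORE_0 = {"undetected", "harmless", "suspicious"}   # "it is not malware"


def md5_of(data: bytes) -> str:
    """MD5 of a captured sample, the identifier used for the lookup."""
    return hashlib.md5(data).hexdigest()


def detection_ratio(report: dict) -> tuple[int, int]:
    """Return (engines scoring 1, engines that returned any score)."""
    results = report["data"]["attributes"]["last_analysis_results"]
    hits = total = 0
    for verdict in results.values():
        category = verdict.get("category")
        if category in SCORE_1:
            hits += 1
            total += 1
        elif category in SCORE_0:
            total += 1
        # timeout, type-unsupported, failure: no score, left out of the ratio
    return hits, total


def format_ratio(report: dict) -> str:
    hits, total = detection_ratio(report)
    return f"{hits}/{total}"


if __name__ == "__main__":
    print(md5_of(b"constructed sample bytes"), format_ratio(SAMPLE_REPORT))
```

Engines that timed out or do not support the file type are left out of the denominator here, so a low denominator is a sign that few engines actually inspected the file.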
To configure integration with VirusTotal:
- Join the VirusTotal Community.
- In your personal settings section, find your personal API key.
- Go to Fabric > Detection Devices.
- Enable VirusTotal.
- In the VT API Key field, enter your Virus Total personal API key.
- Click Save.