Fortinet white logo
Fortinet white logo

Administration Guide

Deploying AWS deception keys

Deploying AWS deception keys

To deploy AWS deceptions keys, first create the keys in AWS, then upload them to the FortiDeceptor and create a new campaign.

To create the deception keys:
  1. Log in to your AWS administrator account.
  2. Create an AWS IAM user and set Select AWS credential type to Access key - Programmatic access, then click Next :Permissions.

  3. Do not assign permissions to the user then click Next: Tags.

  4. Review the User Details. Ensure Permissions boundary is not set. The click Create User.

  5. Download the CSV file.

  6. Copy the AWS Region, AWS Access Key ID, AWS Secret Access into a text file using the following format.

    AWS Access Key ID:AWS Secret Access:AWS Region:AWSusername

    For example: AKIAYQPWFHIOXNLOfABC:RtYT6itnhKISsv+sbWfdafdsafgwkazgOQYlDgdU:us-east-1:managerhenry

    Use the Enter on your keyboard to separate multiple users.

  7. Use a script to create hundreds users without any permissions.
  8. Create a new AWS Connector user.

  9. Set the permissions to Attach existing polices directly and select AWSCloudTrail_ReadOnlyAccess.

  10. Review the user permissions and click Create user.

To deploy the deception keys in FortiDeceptor:
  1. Log in to FortiDeceptor and go to Deception > Lure Resources.
  2. Upload the text file with AWS users you created in the previous task.

  3. Go to Fabric > Quarantine Integration > +Quarantine Integration With New Device and configure the integration.
    Integrate methodSelect AWS Key.
    AWS RegionEnter the region for the AWS Connector user you created in the previous task.
    AWS Access Key IDEnter the access key ID for the AWS Connector user you created in the previous task.
    AWS Secret Access KeyEnter the secret access key for the AWS Connector user you created in the previous task.

  4. Go to Deception > Deception Token > Token Campaign.
  5. Click + Campaign and select the AWS lure you unloaded in Step 2.

  6. Click Generate API Auth Key and click Save.

Deploying AWS deception keys

Deploying AWS deception keys

To deploy AWS deceptions keys, first create the keys in AWS, then upload them to the FortiDeceptor and create a new campaign.

To create the deception keys:
  1. Log in to your AWS administrator account.
  2. Create an AWS IAM user and set Select AWS credential type to Access key - Programmatic access, then click Next :Permissions.

  3. Do not assign permissions to the user then click Next: Tags.

  4. Review the User Details. Ensure Permissions boundary is not set. The click Create User.

  5. Download the CSV file.

  6. Copy the AWS Region, AWS Access Key ID, AWS Secret Access into a text file using the following format.

    AWS Access Key ID:AWS Secret Access:AWS Region:AWSusername

    For example: AKIAYQPWFHIOXNLOfABC:RtYT6itnhKISsv+sbWfdafdsafgwkazgOQYlDgdU:us-east-1:managerhenry

    Use the Enter on your keyboard to separate multiple users.

  7. Use a script to create hundreds users without any permissions.
  8. Create a new AWS Connector user.

  9. Set the permissions to Attach existing polices directly and select AWSCloudTrail_ReadOnlyAccess.

  10. Review the user permissions and click Create user.

To deploy the deception keys in FortiDeceptor:
  1. Log in to FortiDeceptor and go to Deception > Lure Resources.
  2. Upload the text file with AWS users you created in the previous task.

  3. Go to Fabric > Quarantine Integration > +Quarantine Integration With New Device and configure the integration.
    Integrate methodSelect AWS Key.
    AWS RegionEnter the region for the AWS Connector user you created in the previous task.
    AWS Access Key IDEnter the access key ID for the AWS Connector user you created in the previous task.
    AWS Secret Access KeyEnter the secret access key for the AWS Connector user you created in the previous task.

  4. Go to Deception > Deception Token > Token Campaign.
  5. Click + Campaign and select the AWS lure you unloaded in Step 2.

  6. Click Generate API Auth Key and click Save.