Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiDeceptor 5.0.0 Administration Guide
    5.0.0
    6.0.1
    6.0.0
    5.3.2
    5.3.1
    5.3.0
    5.2.0
    5.1.0
    5.0.0
    4.3.0
    4.2.0
    4.1.1
    4.1.0
    4.0.2
    4.0.1
    4.0.0
    3.3.3
    3.3.2
    3.3.1
    3.3.0
    3.2.2
    3.2.1
    3.2.0
    3.1.1
    3.1.0
    3.0.2
    3.0.1
    3.0.0
    2.1.0
    2.0.0
    1.1.0
    1.0.1

    Integration with FortiSandbox

    Integration with FortiSandbox

    FortiSandbox is an anti-virus engine. When integrated, FortiDeceptor submits malware to FortiSandbox and retrieves the scanning result.

    To integrate FortiDeceptor with FortiSandbox:
    1. Create a new user role in FortiSandbox.
    2. Integrate FortiDeceptor with FortiSandbox.
    3. Verify the scanning results in FortiDeceptor and FortiSandbox.

    1. Create a new user role in FortiSandbox

    Create a new user role whose with privileges to access JSON API.

    1. Create an Admin Profile with JSON API privileges. For information, see Admin Profiles in the FortiSandbox Administration Guide.
      1. Go to System > Admin Profiles and click Create New.
      2. Give the profile a descriptive Name such as testApi.
      3. Under Control Access, select JSON API. Configure the other settings as required and click Save.

    2. Create a new administrator with the profile you just created. For information see Administrators in the FortiSandbox Administration Guide.
      1. Go to System > Administrators, click Create New.
      2. Set administrator name and password.
      3. From the Admin Profile dropdown, select the profile you just created and click OK.

    2. Integrate FortiDeceptor with FortiSandbox

    1. Configure a user on FortiSandbox to use for access from FortiDeceptor.
    2. In FortiDeceptor, go to Fabric > Detection Device. The Fabric Detection dialog opens.
    3. Enable FortiSandbox.
    4. Configure the device settings and click Save.

    3. Verify the scanning results in FortiDeceptor and FortiSandbox

    1. Send a SMB/FTP put attack to the decoy from the endpoint.
    2. To verify the results in FortiDeceptor:
      1. Go to Incident > Analysis.
      2. Expand the incident and a make a note of the filename in the MD5 field and the FortiSandbox Result.

    3. To verify the results in FortiSandbox:
      1. Go to Scan Job > File Job Search.
      2. Search for the filename and verify the Rating is the same as the FortiSandbox Result in FortiDeceptor.

    Previous
    Next

    Integration with FortiSandbox

    Integration with FortiSandbox

    FortiSandbox is an anti-virus engine. When integrated, FortiDeceptor submits malware to FortiSandbox and retrieves the scanning result.

    To integrate FortiDeceptor with FortiSandbox:
    1. Create a new user role in FortiSandbox.
    2. Integrate FortiDeceptor with FortiSandbox.
    3. Verify the scanning results in FortiDeceptor and FortiSandbox.

    1. Create a new user role in FortiSandbox

    Create a new user role whose with privileges to access JSON API.

    1. Create an Admin Profile with JSON API privileges. For information, see Admin Profiles in the FortiSandbox Administration Guide.
      1. Go to System > Admin Profiles and click Create New.
      2. Give the profile a descriptive Name such as testApi.
      3. Under Control Access, select JSON API. Configure the other settings as required and click Save.

    2. Create a new administrator with the profile you just created. For information see Administrators in the FortiSandbox Administration Guide.
      1. Go to System > Administrators, click Create New.
      2. Set administrator name and password.
      3. From the Admin Profile dropdown, select the profile you just created and click OK.

    2. Integrate FortiDeceptor with FortiSandbox

    1. Configure a user on FortiSandbox to use for access from FortiDeceptor.
    2. In FortiDeceptor, go to Fabric > Detection Device. The Fabric Detection dialog opens.
    3. Enable FortiSandbox.
    4. Configure the device settings and click Save.

    3. Verify the scanning results in FortiDeceptor and FortiSandbox

    1. Send a SMB/FTP put attack to the decoy from the endpoint.
    2. To verify the results in FortiDeceptor:
      1. Go to Incident > Analysis.
      2. Expand the incident and a make a note of the filename in the MD5 field and the FortiSandbox Result.

    3. To verify the results in FortiSandbox:
      1. Go to Scan Job > File Job Search.
      2. Search for the filename and verify the Rating is the same as the FortiSandbox Result in FortiDeceptor.

    Previous
    Next