Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiDeceptor 5.0.0 Administration Guide
    5.0.0
    6.0.1
    6.0.0
    5.3.2
    5.3.1
    5.3.0
    5.2.0
    5.1.0
    5.0.0
    4.3.0
    4.2.0
    4.1.1
    4.1.0
    4.0.2
    4.0.1
    4.0.0
    3.3.3
    3.3.2
    3.3.1
    3.3.0
    3.2.2
    3.2.1
    3.2.0
    3.1.1
    3.1.0
    3.0.2
    3.0.1
    3.0.0
    2.1.0
    2.0.0
    1.1.0
    1.0.1

    Mail Server

    Mail Server

    Use the Mail Server page to send incident alerts. You can also create custom delivery rules.

    Creating incident alerts

    To send incident alerts:
    1. Go to System > Mail Server. The Mail Server page opens.
    2. Enable Send Incidents Alerts.
    3. Configure the mail server settings.

      SMTP Server Address

      SMTP server address.

      Port

      SMTP server port number.

      From

      The mail server email account. This is the "from" address.

      Login User

      The mail server login account.

      Login Password

      Enter and confirm the password.

    4. (Optional) Click Send Test Email to send a test email to one or more email addresses. If an error occurs, the error message appears at the top of the page and is recorded in the System Logs.
    5. Click Save.
    6. Click Reset to restore the default settings.

    Creating alert delivery rules

    To create a custom alert delivery rule:
    1. Click Customer Alert Deliver Rule. The Custom Alert Rule dialog opens.
    2. Enable the rule. When enabled, FortiDeceptor sends an email alert to the Receiver Email List according to the rule
    3. Configure the rule settings.

      Name

      Enter a name for the rule.

      Alert Severity

      Select Low, Medium, High, or Critical.

      Alert Type

      Select Connection, Reconnaissance, Interaction, or Infection.

      Incident Alert Section

      Select All, Interaction Events Only, IPS events only, or Web filter events only.

      Binary Infection

      This options is available when the Alert Type is Interaction or Infection .

      Select Yes to be alerted when an attacker drops or downloads suspicious files into decoys.

      Attacker IP

      Enter one or more values for the attacker IP address

      Attacker User

      Enter one or more values for the attacker username.

      To trigger the rule, the username entered by the attacker and the value for Attacker User must be exactly same. The string is case sensitive.

      Attacker Password

      Enter one or more values for the attacker password.

      To trigger the rule, the password entered by the attacker and the value for Attacker Password must be exactly same. The string is case sensitive.

      Operation Content

      Enter one or more key words that will trigger the rule.

      Operation Content supports exact and partial matches. For example, if the value is Monkey and the attacker enters Key, the rule is triggered. However, the rule is not triggered if the attacker only enters ey. Operation Content is not case sensitive.

      Victim Decoy Service

      Enter one or more decoy service port numbers.

      Recipients

      Enter one or more receiver email addresses.

      Tooltip

      The relationship between each of the lines in the rule is And. To trigger the rule, all the values must be met. For example, the rule is not triggered if the value for Attacker User is met, but the value for Attacker Password is not.

      The relationship for each line of the rule is Or. To trigger the rule, only one of the values must be met. For example, if the values for Attacker User are Admin and Admnistrator , the rule is triggered if only Admin is entered.

    4. Click Save.
    Previous
    Next

    Mail Server

    Mail Server

    Use the Mail Server page to send incident alerts. You can also create custom delivery rules.

    Creating incident alerts

    To send incident alerts:
    1. Go to System > Mail Server. The Mail Server page opens.
    2. Enable Send Incidents Alerts.
    3. Configure the mail server settings.

      SMTP Server Address

      SMTP server address.

      Port

      SMTP server port number.

      From

      The mail server email account. This is the "from" address.

      Login User

      The mail server login account.

      Login Password

      Enter and confirm the password.

    4. (Optional) Click Send Test Email to send a test email to one or more email addresses. If an error occurs, the error message appears at the top of the page and is recorded in the System Logs.
    5. Click Save.
    6. Click Reset to restore the default settings.

    Creating alert delivery rules

    To create a custom alert delivery rule:
    1. Click Customer Alert Deliver Rule. The Custom Alert Rule dialog opens.
    2. Enable the rule. When enabled, FortiDeceptor sends an email alert to the Receiver Email List according to the rule
    3. Configure the rule settings.

      Name

      Enter a name for the rule.

      Alert Severity

      Select Low, Medium, High, or Critical.

      Alert Type

      Select Connection, Reconnaissance, Interaction, or Infection.

      Incident Alert Section

      Select All, Interaction Events Only, IPS events only, or Web filter events only.

      Binary Infection

      This options is available when the Alert Type is Interaction or Infection .

      Select Yes to be alerted when an attacker drops or downloads suspicious files into decoys.

      Attacker IP

      Enter one or more values for the attacker IP address

      Attacker User

      Enter one or more values for the attacker username.

      To trigger the rule, the username entered by the attacker and the value for Attacker User must be exactly same. The string is case sensitive.

      Attacker Password

      Enter one or more values for the attacker password.

      To trigger the rule, the password entered by the attacker and the value for Attacker Password must be exactly same. The string is case sensitive.

      Operation Content

      Enter one or more key words that will trigger the rule.

      Operation Content supports exact and partial matches. For example, if the value is Monkey and the attacker enters Key, the rule is triggered. However, the rule is not triggered if the attacker only enters ey. Operation Content is not case sensitive.

      Victim Decoy Service

      Enter one or more decoy service port numbers.

      Recipients

      Enter one or more receiver email addresses.

      Tooltip

      The relationship between each of the lines in the rule is And. To trigger the rule, all the values must be met. For example, the rule is not triggered if the value for Attacker User is met, but the value for Attacker Password is not.

      The relationship for each line of the rule is Or. To trigger the rule, only one of the values must be met. For example, if the values for Attacker User are Admin and Admnistrator , the rule is triggered if only Admin is entered.

    4. Click Save.
    Previous
    Next