Fortinet black logo

Administration Guide

Home FortiDeceptor 5.0.0 Administration Guide
5.0.0
5.3.0
5.2.0
5.1.0
5.0.0
4.3.0
4.2.0
4.1.1
4.1.0
4.0.2
4.0.1
4.0.0
3.3.3
3.3.2
3.3.1
3.3.0
3.2.2
3.2.1
3.2.0
3.1.1
3.1.0
3.0.2
3.0.1
3.0.0
2.1.0
2.0.0
1.1.0
1.0.1

Mail Server

Mail Server

Use the Mail Server page to send incident alerts. You can also create custom delivery rules.

Creating incident alerts

To send incident alerts:
  1. Go to System > Mail Server. The Mail Server page opens.
  2. Enable Send Incidents Alerts.
  3. Configure the mail server settings.

    SMTP Server Address

    SMTP server address.

    Port

    SMTP server port number.

    From

    The mail server email account. This is the "from" address.

    Login User

    The mail server login account.

    Login Password

    Enter and confirm the password.

  4. (Optional) Click Send Test Email to send a test email to one or more email addresses. If an error occurs, the error message appears at the top of the page and is recorded in the System Logs.
  5. Click Save.
  6. Click Reset to restore the default settings.

Creating alert delivery rules

To create a custom alert delivery rule:
  1. Click Customer Alert Deliver Rule. The Custom Alert Rule dialog opens.
  2. Enable the rule. When enabled, FortiDeceptor sends an email alert to the Receiver Email List according to the rule
  3. Configure the rule settings.

    Name

    Enter a name for the rule.

    Alert Severity

    Select Low, Medium, High, or Critical.

    Alert Type

    Select Connection, Reconnaissance, Interaction, or Infection.

    Incident Alert Section

    Select All, Interaction Events Only, IPS events only, or Web filter events only.

    Binary Infection

    This options is available when the Alert Type is Interaction or Infection .

    Select Yes to be alerted when an attacker drops or downloads suspicious files into decoys.

    Attacker IP

    Enter one or more values for the attacker IP address

    Attacker User

    Enter one or more values for the attacker username.

    To trigger the rule, the username entered by the attacker and the value for Attacker User must be exactly same. The string is case sensitive.

    Attacker Password

    Enter one or more values for the attacker password.

    To trigger the rule, the password entered by the attacker and the value for Attacker Password must be exactly same. The string is case sensitive.

    Operation Content

    Enter one or more key words that will trigger the rule.

    Operation Content supports exact and partial matches. For example, if the value is Monkey and the attacker enters Key, the rule is triggered. However, the rule is not triggered if the attacker only enters ey. Operation Content is not case sensitive.

    Victim Decoy Service

    Enter one or more decoy service port numbers.

    Recipients

    Enter one or more receiver email addresses.

    Tooltip

    The relationship between each of the lines in the rule is And. To trigger the rule, all the values must be met. For example, the rule is not triggered if the value for Attacker User is met, but the value for Attacker Password is not.

    The relationship for each line of the rule is Or. To trigger the rule, only one of the values must be met. For example, if the values for Attacker User are Admin and Admnistrator , the rule is triggered if only Admin is entered.

  4. Click Save.
Previous
Next

Mail Server

Use the Mail Server page to send incident alerts. You can also create custom delivery rules.

Creating incident alerts

To send incident alerts:
  1. Go to System > Mail Server. The Mail Server page opens.
  2. Enable Send Incidents Alerts.
  3. Configure the mail server settings.

    SMTP Server Address

    SMTP server address.

    Port

    SMTP server port number.

    From

    The mail server email account. This is the "from" address.

    Login User

    The mail server login account.

    Login Password

    Enter and confirm the password.

  4. (Optional) Click Send Test Email to send a test email to one or more email addresses. If an error occurs, the error message appears at the top of the page and is recorded in the System Logs.
  5. Click Save.
  6. Click Reset to restore the default settings.

Creating alert delivery rules

To create a custom alert delivery rule:
  1. Click Customer Alert Deliver Rule. The Custom Alert Rule dialog opens.
  2. Enable the rule. When enabled, FortiDeceptor sends an email alert to the Receiver Email List according to the rule
  3. Configure the rule settings.

    Name

    Enter a name for the rule.

    Alert Severity

    Select Low, Medium, High, or Critical.

    Alert Type

    Select Connection, Reconnaissance, Interaction, or Infection.

    Incident Alert Section

    Select All, Interaction Events Only, IPS events only, or Web filter events only.

    Binary Infection

    This options is available when the Alert Type is Interaction or Infection .

    Select Yes to be alerted when an attacker drops or downloads suspicious files into decoys.

    Attacker IP

    Enter one or more values for the attacker IP address

    Attacker User

    Enter one or more values for the attacker username.

    To trigger the rule, the username entered by the attacker and the value for Attacker User must be exactly same. The string is case sensitive.

    Attacker Password

    Enter one or more values for the attacker password.

    To trigger the rule, the password entered by the attacker and the value for Attacker Password must be exactly same. The string is case sensitive.

    Operation Content

    Enter one or more key words that will trigger the rule.

    Operation Content supports exact and partial matches. For example, if the value is Monkey and the attacker enters Key, the rule is triggered. However, the rule is not triggered if the attacker only enters ey. Operation Content is not case sensitive.

    Victim Decoy Service

    Enter one or more decoy service port numbers.

    Recipients

    Enter one or more receiver email addresses.

    Tooltip

    The relationship between each of the lines in the rule is And. To trigger the rule, all the values must be met. For example, the rule is not triggered if the value for Attacker User is met, but the value for Attacker Password is not.

    The relationship for each line of the rule is Or. To trigger the rule, only one of the values must be met. For example, if the values for Attacker User are Admin and Admnistrator , the rule is triggered if only Admin is entered.

  4. Click Save.
Previous
Next