Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiDeceptor 5.2.0 Administration Guide
    5.2.0
    6.0.1
    6.0.0
    5.3.2
    5.3.1
    5.3.0
    5.2.0
    5.1.0
    5.0.0
    4.3.0
    4.2.0
    4.1.1
    4.1.0
    4.0.2
    4.0.1
    4.0.0
    3.3.3
    3.3.2
    3.3.1
    3.3.0
    3.2.2
    3.2.1
    3.2.0
    3.1.1
    3.1.0
    3.0.2
    3.0.1
    3.0.0
    2.1.0
    2.0.0
    1.1.0
    1.0.1

    Lure Resources

    Lure Resources

    Use the Lure Resources page to view the current lure, upload resources such as Word and PDF files to automatically generate lures, and import a user name list from an LDAP server.

    Uploading lure resources

    Upload a lure resource to automatically generate lures. There are two types of lure resource:

    • Documents: Word and PDF files that generate authentic directories and files over the Decoy network shares.
    • Credential: Username (with password) list files that generate authentic credentials access to the network Decoys.
    To upload a lure resource:
    1. Go to Deception > Lure Resources.
    2. Click Upload. The Upload New Lure Resource dialog opens.
    3. From the Lure Type dropdown, select the lure type.
      Credential - Fake Users (txt)Upload a list file with fake users and passwords.
      Documents - Template (docx,pdf,zip)Upload files as a template. FortiDeceptor will insert content to build honey docs.
      Documents - Fake Content (zip)
    4. Upload Zip Word Document (.docx), PDF, Excel (.xlsx,.xlsm,.xltm,.xltx) then upload .zip file directly to FortiDeceptor.
      5. Credential – AWS Key (txt)

      Upload a list file with AWS users and passwords.

      Requirements:

      • Create AWS IAM users with no permissions. (Without real AWS user, the AWS platform will not generate a log that indicates the user access.)
      • Upload a text file with the correct AWS Region, AWS Access Key ID, AWS Secret Access in the format below.

        AWS Access Key ID:AWS Secret Access:AWS Region:AWSusername

      For more information, see Deploying AWS deception keys.

      Credential – Azure Keys (txt)

      Upload a list file with Azure Application IDs and Tenant IDs.

      Requirements:

      • Register Azure Application to get Application ID and Tenant ID.
      • Upload a text file with the correct Azure Application IDs, Tenant IDs in the format below.

        Application ID:display name:Tenant ID

        For example,

        35739ab1-0682-783a-88b3-722eb2ef51f1:MyAzureApplication:933b88cd-1b19-02a1-8dcf-1b21dabc61ba

      For more information, see .Deploying Azure deception keys.

      Certificate – Azure Certificate (pem,crt,cer)

      Upload a certificate with private Key and certificate.

      For example,

      -----BEGIN PRIVATE KEY-----

      <private_key>

      -----END PRIVATE KEY-----

      -----BEGIN CERTIFICATE-----

      <certificate>

      -----END CERTIFICATE-----

      For more information, see .Deploying Azure deception keys.

      Tooltip

      The Credential - Fake Users (txt) and Documents - Template (doc,docx,pdf,zip) options include sample files to help you create a resource.

    5. Enter an optional Tag, such as any.
    6. In the Resource File field, click Choose a file to upload the resource, or drag and drop it onto the field.
    7. Click Save.

    Importing users from LDAP

    To import an LDAP user list:
    1. Go to Deception > Lure Resources.
    2. Click Import Users from LDAP.
    3. Configure the import settings.

      VersionSelect the version from the dropdown.
      Bind DNUsername used to connect to the LDAP service on the specified LDAP Server.
      LDAP URL

      Enter the LDAP URL using the following format:

      [protocol///]host[:port][/basedn[?attribute,...][?scope][?filter]]

      Bind PasswordEnter the Bind DN's password.
      CA CertificatesSelect a certificate from the dropdown.
      Search LimitSearch sub-tree depth.
      TCP TimeoutEnter the TCP connection timeout in seconds.
      Search TimeoutEnter the search timeout in seconds.
      SASL Bind UserThe username to authenticate a DN on the directory server using SASL.
      SASL Bind MechanismThe username and password for authentication.

      Tag

      Enter a tag for the import.

      Scheduler Type

      Select One Time or Recurring

      Scheduler Timezone

      Select the timezone.

      Scheduler Start

      Select the scheduler start time.

      Scheduler End

      Select the scheduler end time.

      Scheduler Interval

      Select the Interval including Daily, Weekly or Monthly.

      Days

      Select the day.

      Time

      Select the time.

    4. Click Save.

    Examples: Import Users from LDAP

    Open LDAP example:

    "dn": "uid=test,o=org,dc=example,dc=com",

    "url": "ldap://192.168.0.100/o=org,dc=example,dc=com?uid?sub?(objectclass=*)",

    "password": "password"

    Windows AD example:

    "version": "3",

    "dn": "cn=users,cn=usergroup,dc=example,dc=com",

    "url": "ldap:192.168.0.100/cn=usergroup,dc=example,dc=com?sAMAccountName?sub?(objectClass=user)",

    "password": "password"

    Support is offered if the format of the tree can parse uid/sAMAccountName in the search results. Ensure the URL queries the proper data.

    Previous
    Next

    Lure Resources

    Lure Resources

    Use the Lure Resources page to view the current lure, upload resources such as Word and PDF files to automatically generate lures, and import a user name list from an LDAP server.

    Uploading lure resources

    Upload a lure resource to automatically generate lures. There are two types of lure resource:

    • Documents: Word and PDF files that generate authentic directories and files over the Decoy network shares.
    • Credential: Username (with password) list files that generate authentic credentials access to the network Decoys.
    To upload a lure resource:
    1. Go to Deception > Lure Resources.
    2. Click Upload. The Upload New Lure Resource dialog opens.
    3. From the Lure Type dropdown, select the lure type.
      Credential - Fake Users (txt)Upload a list file with fake users and passwords.
      Documents - Template (docx,pdf,zip)Upload files as a template. FortiDeceptor will insert content to build honey docs.
      Documents - Fake Content (zip)
    4. Upload Zip Word Document (.docx), PDF, Excel (.xlsx,.xlsm,.xltm,.xltx) then upload .zip file directly to FortiDeceptor.
      5. Credential – AWS Key (txt)

      Upload a list file with AWS users and passwords.

      Requirements:

      • Create AWS IAM users with no permissions. (Without real AWS user, the AWS platform will not generate a log that indicates the user access.)
      • Upload a text file with the correct AWS Region, AWS Access Key ID, AWS Secret Access in the format below.

        AWS Access Key ID:AWS Secret Access:AWS Region:AWSusername

      For more information, see Deploying AWS deception keys.

      Credential – Azure Keys (txt)

      Upload a list file with Azure Application IDs and Tenant IDs.

      Requirements:

      • Register Azure Application to get Application ID and Tenant ID.
      • Upload a text file with the correct Azure Application IDs, Tenant IDs in the format below.

        Application ID:display name:Tenant ID

        For example,

        35739ab1-0682-783a-88b3-722eb2ef51f1:MyAzureApplication:933b88cd-1b19-02a1-8dcf-1b21dabc61ba

      For more information, see .Deploying Azure deception keys.

      Certificate – Azure Certificate (pem,crt,cer)

      Upload a certificate with private Key and certificate.

      For example,

      -----BEGIN PRIVATE KEY-----

      <private_key>

      -----END PRIVATE KEY-----

      -----BEGIN CERTIFICATE-----

      <certificate>

      -----END CERTIFICATE-----

      For more information, see .Deploying Azure deception keys.

      Tooltip

      The Credential - Fake Users (txt) and Documents - Template (doc,docx,pdf,zip) options include sample files to help you create a resource.

    5. Enter an optional Tag, such as any.
    6. In the Resource File field, click Choose a file to upload the resource, or drag and drop it onto the field.
    7. Click Save.

    Importing users from LDAP

    To import an LDAP user list:
    1. Go to Deception > Lure Resources.
    2. Click Import Users from LDAP.
    3. Configure the import settings.

      VersionSelect the version from the dropdown.
      Bind DNUsername used to connect to the LDAP service on the specified LDAP Server.
      LDAP URL

      Enter the LDAP URL using the following format:

      [protocol///]host[:port][/basedn[?attribute,...][?scope][?filter]]

      Bind PasswordEnter the Bind DN's password.
      CA CertificatesSelect a certificate from the dropdown.
      Search LimitSearch sub-tree depth.
      TCP TimeoutEnter the TCP connection timeout in seconds.
      Search TimeoutEnter the search timeout in seconds.
      SASL Bind UserThe username to authenticate a DN on the directory server using SASL.
      SASL Bind MechanismThe username and password for authentication.

      Tag

      Enter a tag for the import.

      Scheduler Type

      Select One Time or Recurring

      Scheduler Timezone

      Select the timezone.

      Scheduler Start

      Select the scheduler start time.

      Scheduler End

      Select the scheduler end time.

      Scheduler Interval

      Select the Interval including Daily, Weekly or Monthly.

      Days

      Select the day.

      Time

      Select the time.

    4. Click Save.

    Examples: Import Users from LDAP

    Open LDAP example:

    "dn": "uid=test,o=org,dc=example,dc=com",

    "url": "ldap://192.168.0.100/o=org,dc=example,dc=com?uid?sub?(objectclass=*)",

    "password": "password"

    Windows AD example:

    "version": "3",

    "dn": "cn=users,cn=usergroup,dc=example,dc=com",

    "url": "ldap:192.168.0.100/cn=usergroup,dc=example,dc=com?sAMAccountName?sub?(objectClass=user)",

    "password": "password"

    Support is offered if the format of the tree can parse uid/sAMAccountName in the search results. Ensure the URL queries the proper data.

    Previous
    Next