Deploying Azure deception keys
To deploy Azure deception keys, first create the application keys in Microsoft Entra ID (one application for the Lure Resource and one for the Azure Connector), then upload them to FortiDeceptor and create a token campaign.
To create Microsoft Entra ID application keys for Lure Resource:
- Log in to your Azure account.
- Go to Microsoft Entra ID > App registrations > Register an application > Register. Do not assign any API permissions to this application: it is a decoy, and a credential for it must be worthless to whoever picks it up.
- Go to Microsoft Entra ID > App registrations > All applications, and locate the application you created (for example, NewAPPsample1).
- Copy the client ID and the tenant ID into a .txt file (for example, KeysSample1.txt).
- To deploy several decoy applications at once, put the client ID and tenant ID of each application into the same .txt file (for example, Keys3Samples.txt).
- Locate the application you created (for example, NewAPPsample1), go to Certificates & secrets > Certificates, and upload a certificate (public key). Keep the file that contains the certificate together with its private key; it is uploaded to FortiDeceptor later as the Azure Certificate lure.
To create Azure application keys for Azure Connector:
- Create a second Microsoft Entra ID application registration for the Azure Connector.
- Grant this application the permissions it requires before continuing. Unlike the Lure Resource application, the Azure Connector application is privileged, so protect its credentials accordingly.
For Microsoft Graph, the following API permissions must be granted, all of type Application (application permissions require admin consent):
- User.Read.All
- User.ReadWrite.All
- GroupMember.Read.All
- GroupMember.ReadWrite.All
- Group.ReadWrite.All
- Group.Read.All
- AuditLog.Read.All
- Directory.Read.All
- Directory.ReadWrite.All
- User.ManageIdentities.All
- Create a client secret, and keep the client ID, tenant ID and secret for the Azure Connector configuration later.
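The two app registrations above, created from the Azure CLI as an added example; this is not part of the FortiDeceptor documentation or Fortinet's own tooling. It assumes an `az login` session with rights to register applications and grant admin consent. The display names and file names are illustrative, the line layout written into the keys .txt file is an assumption (the page does not state what FortiDeceptor expects inside it), and so is using the PEM that `az ad app credential reset --create-cert` writes as the file for the Azure Certificate lure. Nothing touches the tenant unless the script is run with the `deploy` argument.

```shell
#!/bin/sh
# Added example, not part of the FortiDeceptor documentation. Creates the two
# Entra ID app registrations described above with the Azure CLI:
#   1. the Lure Resource app: no API permissions at all, plus a self-signed
#      certificate whose public key goes on the registration and whose PEM
#      (certificate + private key) stays local for the Azure Certificate lure;
#   2. the Azure Connector app: the Microsoft Graph application roles listed
#      above, admin consent, and a client secret.
# Assumptions: `az login` done by an account allowed to create app registrations
# and grant admin consent; the record layout of the keys .txt file is a guess
# (the page does not specify it); display names and file names are illustrative.
set -eu

GRAPH_APP_ID="00000003-0000-0000-c000-000000000000"   # well-known appId of Microsoft Graph

# Application permissions the page lists for the Azure Connector (type Application).
CONNECTOR_ROLES="User.Read.All User.ReadWrite.All GroupMember.Read.All \
GroupMember.ReadWrite.All Group.ReadWrite.All Group.Read.All AuditLog.Read.All \
Directory.Read.All Directory.ReadWrite.All User.ManageIdentities.All"

# Entra IDs are GUIDs. Anything else coming back from az means an empty or failed
# query, so check before a value is written to a file or passed to another command.
is_guid() {
    printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# One record of the keys .txt file: client (application) ID and tenant ID (layout assumed).
keys_record() {  # $1 = client ID, $2 = tenant ID; prints nothing and fails on bad input
    is_guid "$1" && is_guid "$2" || return 1
    printf 'client_id=%s\ntenant_id=%s\n' "$1" "$2"
}

# Resolve a Graph permission name (e.g. User.Read.All) to its appRole GUID on the
# Graph service principal, instead of hard-coding GUIDs.
graph_role_id() {
    az ad sp show --id "$GRAPH_APP_ID" --query "appRoles[?value=='$1'].id" -o tsv
}

create_lure_app() {  # $1 = display name, $2 = keys file, $3 = tenant ID; prints PEM path
    lure_id=$(az ad app create --display-name "$1" --query appId -o tsv)
    # No `az ad app permission add` here on purpose: the stolen decoy must buy nothing.
    keys_record "$lure_id" "$3" >> "$2"
    # --create-cert makes a self-signed certificate, uploads its public key to the
    # registration and leaves certificate + private key as a PEM file on disk.
    az ad app credential reset --id "$lure_id" --create-cert --years 1 \
        --query fileWithCertAndPrivateKey -o tsv
}

create_connector_app() {  # $1 = display name, $2 = file for the secret; prints client ID
    conn_id=$(az ad app create --display-name "$1" --query appId -o tsv)
    az ad sp create --id "$conn_id" >/dev/null    # consent is granted on the service principal
    for role in $CONNECTOR_ROLES; do
        role_id=$(graph_role_id "$role")
        is_guid "$role_id" || { echo "no Graph application role named $role" >&2; return 1; }
        az ad app permission add --id "$conn_id" --api "$GRAPH_APP_ID" \
            --api-permissions "$role_id=Role" >/dev/null
    done
    az ad app permission admin-consent --id "$conn_id"   # application roles need admin consent
    # The secret unlocks Directory.ReadWrite.All: keep it off the terminal and in a 0600 file.
    (umask 077; az ad app credential reset --id "$conn_id" --append --years 1 \
        --query '{client_id:appId,tenant_id:tenant,client_secret:password}' -o json > "$2")
    echo "$conn_id"
}

main() {
    tenant_id=$(az account show --query tenantId -o tsv)
    is_guid "$tenant_id" || { echo "run 'az login' first" >&2; exit 1; }
    : > KeysSample1.txt
    pem=$(create_lure_app NewAPPsample1 KeysSample1.txt "$tenant_id")
    echo "Lure keys: KeysSample1.txt; Azure Certificate lure (cert + private key): $pem"
    conn_id=$(create_connector_app FortiDeceptorConnector connector-secret.json)
    echo "Azure Connector client ID $conn_id, tenant $tenant_id; secret in connector-secret.json"
}

# Only touches the tenant when invoked as: sh azure_deception_keys.sh deploy
if [ "${1:-}" = "deploy" ]; then main; fi
```

The two registrations sit at opposite ends of the privilege scale: the lure application gets no permission grant at all, so a sign-in with its certificate yields nothing but a trace, while the connector holds tenant-wide read and write roles, which is why its secret is written to a 0600 file rather than echoed to the terminal. Looking the role GUIDs up on the Graph service principal at run time avoids a typo in a hard-coded GUID silently granting the wrong permission.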
To deploy the deception keys in FortiDeceptor:
- Log in to FortiDeceptor, go to Deception > Lure Resources, and click Upload. If you upload several Azure keys in one file, you cannot choose which of them is installed; the keys in the file are installed together.
- For Lure Type, select Credential - Azure Keys (txt), upload the text file you created in the previous task (for example, KeysSample1.txt), and click Save.
- If you kept the certificate file that contains the certificate together with its private key, for Lure Type select Azure Certificate and upload that file (the one whose public key you uploaded to the Lure Resource application).
- Go to Fabric > Quarantine Integration.
- Click +Quarantine Integration With New Device and configure the integration.
Integrate method: select Azure Keys.
Client ID: the application (client) ID, the unique ID of the Microsoft Entra application created for the Azure Connector.
Client Secret: the client secret of that application, used to obtain the authentication token required to call the API.
Tenant ID: the tenant ID of your Microsoft Entra (Azure Active Directory) tenant.
Verify SSL: whether the server's TLS certificate is verified. The default is True; leave it enabled, since disabling verification lets an on-path attacker impersonate the endpoint and capture the client secret.
- Go to Deception > Deception Token > Token Campaign.
- Click + Campaign, enable the toggle for the Azure keys token, and use the default location or a custom location for the Azure keys campaign.
- Click Save.