Fortinet white logo
Fortinet white logo

Administration Guide

Integration with FortiSandbox

Integration with FortiSandbox

FortiSandbox is an anti-virus engine. When integrated, FortiDeceptor submits malware to FortiSandbox and retrieves the scanning result.

To integrate FortiDeceptor with FortiSandbox:
  1. Create a new user role in FortiSandbox.
  2. Integrate FortiDeceptor with FortiSandbox.
  3. Verify the scanning results in FortiDeceptor and FortiSandbox.

1. Create a new user role in FortiSandbox

Create a new user role whose with privileges to access JSON API.

  1. Create an Admin Profile with JSON API privileges. For information, see Admin Profiles in the FortiSandbox Administration Guide.
    1. Go to System > Admin Profiles and click Create New.
    2. Give the profile a descriptive Name such as testApi.
    3. Under Control Access, select JSON API. Configure the other settings as required and click Save.
  2. Create a new administrator with the profile you just created. For information see Administrators in the FortiSandbox Administration Guide.
    1. Go to System > Administrators, click Create New.
    2. Set administrator name and password.
    3. From the Admin Profile dropdown, select the profile you just created and click OK.

2. Integrate FortiDeceptor with FortiSandbox

  1. Configure a user on FortiSandbox to use for access from FortiDeceptor.
  2. In FortiDeceptor, go to Fabric > Detection Device. The Fabric Detection dialog opens.
  3. Enable FortiSandbox.
  4. Configure the device settings and click Save.

3. Verify the scanning results in FortiDeceptor and FortiSandbox

  1. Send a SMB/FTP put attack to the decoy from the endpoint.
  2. To verify the results in FortiDeceptor:
    1. Go to Incident > Analysis.
    2. Expand the incident and a make a note of the filename in the MD5 field and the FortiSandbox Result.
  3. To verify the results in FortiSandbox:
    1. Go to Scan Job > File Job Search.
    2. Search for the filename and verify the Rating is the same as the FortiSandbox Result in FortiDeceptor.

Integration with FortiSandbox

Integration with FortiSandbox

FortiSandbox is an anti-virus engine. When integrated, FortiDeceptor submits malware to FortiSandbox and retrieves the scanning result.

To integrate FortiDeceptor with FortiSandbox:
  1. Create a new user role in FortiSandbox.
  2. Integrate FortiDeceptor with FortiSandbox.
  3. Verify the scanning results in FortiDeceptor and FortiSandbox.

1. Create a new user role in FortiSandbox

Create a new user role whose with privileges to access JSON API.

  1. Create an Admin Profile with JSON API privileges. For information, see Admin Profiles in the FortiSandbox Administration Guide.
    1. Go to System > Admin Profiles and click Create New.
    2. Give the profile a descriptive Name such as testApi.
    3. Under Control Access, select JSON API. Configure the other settings as required and click Save.
  2. Create a new administrator with the profile you just created. For information see Administrators in the FortiSandbox Administration Guide.
    1. Go to System > Administrators, click Create New.
    2. Set administrator name and password.
    3. From the Admin Profile dropdown, select the profile you just created and click OK.

2. Integrate FortiDeceptor with FortiSandbox

  1. Configure a user on FortiSandbox to use for access from FortiDeceptor.
  2. In FortiDeceptor, go to Fabric > Detection Device. The Fabric Detection dialog opens.
  3. Enable FortiSandbox.
  4. Configure the device settings and click Save.

3. Verify the scanning results in FortiDeceptor and FortiSandbox

  1. Send a SMB/FTP put attack to the decoy from the endpoint.
  2. To verify the results in FortiDeceptor:
    1. Go to Incident > Analysis.
    2. Expand the incident and a make a note of the filename in the MD5 field and the FortiSandbox Result.
  3. To verify the results in FortiSandbox:
    1. Go to Scan Job > File Job Search.
    2. Search for the filename and verify the Rating is the same as the FortiSandbox Result in FortiDeceptor.