Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiDeceptor 5.3.2 Administration Guide
    5.3.2
    6.0.1
    6.0.0
    5.3.2
    5.3.1
    5.3.0
    5.2.0
    5.1.0
    5.0.0
    4.3.0
    4.2.0
    4.1.1
    4.1.0
    4.0.2
    4.0.1
    4.0.0
    3.3.3
    3.3.2
    3.3.1
    3.3.0
    3.2.2
    3.2.1
    3.2.0
    3.1.1
    3.1.0
    3.0.2
    3.0.1
    3.0.0
    2.1.0
    2.0.0
    1.1.0
    1.0.1

    Detection Devices

    Detection Devices

    The Detection Devices page allows you to configure integrations with FortiSandbox, Cuckoo Sandbox, and Virus Total devices.

    FortiSandbox

    The integration between FortiDeceptor and FortiSandbox will provide a complete static and dynamic analysis against malicious code captured by the network decoys. The malware analysis report will be available on the FortiDeceptor admin console.

    To configure integration with FortiSandbox:
    1. Go to Fabric > Detection Devices.
    2. Enable FortiSandbox.
    3. Configure the following parameters:

      Type

      Select Appliance or Cloud.

      IP/URLType the FortiSandbox appliance or cloud IP address or URL
      PortType the FortiSandbox API port. Default is 443.
      UsernameType the API username for the FortiDeceptor appliance. You can configure the API username in FortiSandbox.
      PasswordType the API password for the FortiDeceptor appliance. You can configure the API password in FortiSandbox.

      Token Access

      Type the Token for FortiSandbox Cloud. You can find this in FortiSandbox Cloud CLI with the following command: login-token

      User ID

      Type the FortiSandbox Cloud User ID.

    4. Click the Test button to ensure the API connection is working properly.
    5. Click Save to store the configuration

    Cuckoo Sandbox

    The integration between FortiDeceptor and Cuckoo Sandbox will provide a complete static and dynamic analysis against malicious code captured by the network decoys. The malware analysis report will be available on the FortiDeceptor admin console.

    To configure integration with Cuckoo Sandbox:
    1. Go to Fabric > Detection Devices.
    2. Enable Cuckoo Sandbox .
    3. Configure the following parameters:
      NameThe Fabric connector name
      IP/URLType the Cuckoo Sandbox IP address or URL
      PortType the Cuckoo SandboxAPI port. (default is 1337)
      API Token Type the API Token located in the Cuckoo Sandbox's configuration file.
    4. Click on the Test button to ensure the API connection is working properly.
    5. Click Save to store the configuration

    Virus Total

    The integration between FortiDeceptor and the well-known Virus Total service allows the submission of suspicious files (MD5) for malware analysis. When integrated, Virus Total detection ratios will be displayed in the incident analysis alert Workflow for relevant events.

    Virus Total engages with multiple service providers to perform the same file inspection. Some service providers return a score of 0, meaning it is not malware, whereas other providers return a score of 1, meaning it is malware. Virus Total then returns a ratio such as 15/36 that indicates 15 out of 36 service providers determined the file is malware.

    To configure integration with VirusTotal:
    1. Join the VirusTotal Community.
    2. In your personal settings section find your personal API key in your personal settings section.
    3. Go to Fabric > Detection Devices.
    4. Enable VirusTotal.
    5. In VT API Key field enter the your Virus Total personal API key.
    6. Click Save.
    Previous
    Next

    Detection Devices

    Detection Devices

    The Detection Devices page allows you to configure integrations with FortiSandbox, Cuckoo Sandbox, and Virus Total devices.

    FortiSandbox

    The integration between FortiDeceptor and FortiSandbox will provide a complete static and dynamic analysis against malicious code captured by the network decoys. The malware analysis report will be available on the FortiDeceptor admin console.

    To configure integration with FortiSandbox:
    1. Go to Fabric > Detection Devices.
    2. Enable FortiSandbox.
    3. Configure the following parameters:

      Type

      Select Appliance or Cloud.

      IP/URLType the FortiSandbox appliance or cloud IP address or URL
      PortType the FortiSandbox API port. Default is 443.
      UsernameType the API username for the FortiDeceptor appliance. You can configure the API username in FortiSandbox.
      PasswordType the API password for the FortiDeceptor appliance. You can configure the API password in FortiSandbox.

      Token Access

      Type the Token for FortiSandbox Cloud. You can find this in FortiSandbox Cloud CLI with the following command: login-token

      User ID

      Type the FortiSandbox Cloud User ID.

    4. Click the Test button to ensure the API connection is working properly.
    5. Click Save to store the configuration

    Cuckoo Sandbox

    The integration between FortiDeceptor and Cuckoo Sandbox will provide a complete static and dynamic analysis against malicious code captured by the network decoys. The malware analysis report will be available on the FortiDeceptor admin console.

    To configure integration with Cuckoo Sandbox:
    1. Go to Fabric > Detection Devices.
    2. Enable Cuckoo Sandbox .
    3. Configure the following parameters:
      NameThe Fabric connector name
      IP/URLType the Cuckoo Sandbox IP address or URL
      PortType the Cuckoo SandboxAPI port. (default is 1337)
      API Token Type the API Token located in the Cuckoo Sandbox's configuration file.
    4. Click on the Test button to ensure the API connection is working properly.
    5. Click Save to store the configuration

    Virus Total

    The integration between FortiDeceptor and the well-known Virus Total service allows the submission of suspicious files (MD5) for malware analysis. When integrated, Virus Total detection ratios will be displayed in the incident analysis alert Workflow for relevant events.

    Virus Total engages with multiple service providers to perform the same file inspection. Some service providers return a score of 0, meaning it is not malware, whereas other providers return a score of 1, meaning it is malware. Virus Total then returns a ratio such as 15/36 that indicates 15 out of 36 service providers determined the file is malware.

    To configure integration with VirusTotal:
    1. Join the VirusTotal Community.
    2. In your personal settings section find your personal API key in your personal settings section.
    3. Go to Fabric > Detection Devices.
    4. Enable VirusTotal.
    5. In VT API Key field enter the your Virus Total personal API key.
    6. Click Save.
    Previous
    Next