Fortinet white logo
Fortinet white logo

Administration Guide

Deployment Map

Deployment Map

The Deployment Map is a visual representation of the entire network showing real endpoints and decoy VMs. Click a node on the map to view its details. Use Discover & Deploy to detect the OSes for all the assets on the network and automatically deploy decoys for those OSes.

If you know the IP of an endpoint or partition, you can search for it with the Locate By IP box.

The nodes on the map are color-coded by importance:

Node

Color

Description

Partition

White

Click the node to view the Network Partition ID, Interface port, and subnet.

Incident

Red

A glowing red node indicates the decoys have been attacked.

Click the node to view the Decoy ID, view incidents in the Analysis page.

Decoy

Pink

Click to start or stop the, view its configuration, save the decoy as a template, or delete it.

Lure

Coral

Click to view the Decoy type, Service, and data such as the username and password.

Endpoint

Green

Click to view the IP, MAC address, and OS.

Proposed

Yellow

Click a yellow node to edit its settings, generate lures, duplicate, or delete it.

Unavailable

Grey

FortiDeceptor cannot retrieve data for the asset.

Discover & Deploy

Use Discover & Deploy to detect the OSes for the assets on the network. After the OSes are discovered, FortiDeceptor will attempt to create decoys to auto-fit the assets in the network.

Note

Discover & Deploy requires specific Monitor IPs for the Deployment Network. See, Deployment Network.

To discover OSes and auto-deploy decoys:
  1. Click Discover & Deploy. The Discovery & Deployment dialog opens.
  2. Configure the discover settings.

    Select Networks to ScanSelect the ports on the network you want to discover.
    Add Deployment NetworkClick to open the Add New Vlan/Subnet dialog. See Deployment Network.
    Additional TCP Scan PortEnter the additional scan ports. The default scan ports are 21, 22, 23, 25, 53, 69, 80, 110, 135, 137, 1378, 139, 143, 443, 445, 993, 995, 1433, 3306, 3389, 5900, 8080.
    Decoys per VLAN/SubnetEnter the number of decoys per VLAN based on the asset discovery results.
  3. Click Discover and wait a few minutes for the system to complete the discovery. The results are displayed.

    OS CoveredThe OSes FortiDeceptor can cover with a suitable decoy for auto-deployment.
    Total auto-deploy decoysThe number of decoys that are suitable for auto-deployment.
    Total coverageThe percentage of assets that will be covered by the deployment.
    Download assets list CSVClick to download the asset list as CSV file.
  4. Click Accept & Deploy. FortiDeceptor deploys the decoys.

Deployment Map

Deployment Map

The Deployment Map is a visual representation of the entire network showing real endpoints and decoy VMs. Click a node on the map to view its details. Use Discover & Deploy to detect the OSes for all the assets on the network and automatically deploy decoys for those OSes.

If you know the IP of an endpoint or partition, you can search for it with the Locate By IP box.

The nodes on the map are color-coded by importance:

Node

Color

Description

Partition

White

Click the node to view the Network Partition ID, Interface port, and subnet.

Incident

Red

A glowing red node indicates the decoys have been attacked.

Click the node to view the Decoy ID, view incidents in the Analysis page.

Decoy

Pink

Click to start or stop the, view its configuration, save the decoy as a template, or delete it.

Lure

Coral

Click to view the Decoy type, Service, and data such as the username and password.

Endpoint

Green

Click to view the IP, MAC address, and OS.

Proposed

Yellow

Click a yellow node to edit its settings, generate lures, duplicate, or delete it.

Unavailable

Grey

FortiDeceptor cannot retrieve data for the asset.

Discover & Deploy

Use Discover & Deploy to detect the OSes for the assets on the network. After the OSes are discovered, FortiDeceptor will attempt to create decoys to auto-fit the assets in the network.

Note

Discover & Deploy requires specific Monitor IPs for the Deployment Network. See, Deployment Network.

To discover OSes and auto-deploy decoys:
  1. Click Discover & Deploy. The Discovery & Deployment dialog opens.
  2. Configure the discover settings.

    Select Networks to ScanSelect the ports on the network you want to discover.
    Add Deployment NetworkClick to open the Add New Vlan/Subnet dialog. See Deployment Network.
    Additional TCP Scan PortEnter the additional scan ports. The default scan ports are 21, 22, 23, 25, 53, 69, 80, 110, 135, 137, 1378, 139, 143, 443, 445, 993, 995, 1433, 3306, 3389, 5900, 8080.
    Decoys per VLAN/SubnetEnter the number of decoys per VLAN based on the asset discovery results.
  3. Click Discover and wait a few minutes for the system to complete the discovery. The results are displayed.

    OS CoveredThe OSes FortiDeceptor can cover with a suitable decoy for auto-deployment.
    Total auto-deploy decoysThe number of decoys that are suitable for auto-deployment.
    Total coverageThe percentage of assets that will be covered by the deployment.
    Download assets list CSVClick to download the asset list as CSV file.
  4. Click Accept & Deploy. FortiDeceptor deploys the decoys.