Deploy the FortiDeceptor Token Package

A FortiDeceptor Token Package is used to add breadcrumbs on real endpoints and lure an attacker to a Deception VM. Tokens are normally distributed within the real endpoints and other IT assets on the network to maximize the deception surface.

To download and deploy a FortiDeceptor Token Package on an existing endpoint:
  1. Go to Deception > Deception Status.
  2. Select the Deception VM.
  3. Click Download Package to download the FortiDeceptor Token Package. Packages can only be downloaded from Deception VMs that have a valid IP and are in one of the following statuses: Initialized, Stopped, Running, or Failed.
  4. Copy the FortiDeceptor Token Package to an endpoint (Windows or Linux).
  5. Unzip the FortiDeceptor Token Package:
    • For Windows, copy the file under the Windows directory and execute the windows_token.exe by double-clicking the file.
    • For Ubuntu, open Terminal and execute python ./ubuntu_token.py.

    Once the FortiDeceptor Token Package is installed on a real Windows or Ubuntu endpoint, it increases the deception surface and lures the attacker to a Deception VM.

To uninstall a FortiDeceptor Token Package:
  1. Go to Deception > Deception Status.
  2. Select the Deception VM.
  3. Click Download Package to download the FortiDeceptor Token Package.
  4. Copy the FortiDeceptor Token Package to the endpoint (Windows or Linux).
  5. Unzip the FortiDeceptor Token Package:
    • For Windows, copy the file under the Windows directory and execute the uninstall.exe by double-clicking the file.
    • For Ubuntu, open Terminal and execute ubuntu/uninstall.py.
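
Before copying a downloaded package to endpoints, it can be checked for the installer and uninstaller named in the steps above. The following is an added example, not Fortinet code: it assumes the package is a zip archive (the steps say to unzip it), matches files by base name because the archive layout is not documented on this page, and uses a constructed sample archive.

```python
import hashlib
import io
import posixpath
import zipfile

# File names taken from the steps above; matched by base name because the
# archive's directory layout is an assumption, not documented on this page.
EXPECTED = {
    "windows": {"windows_token.exe", "uninstall.exe"},
    "ubuntu": {"ubuntu_token.py", "uninstall.py"},
}


def inspect_token_package(data: bytes, target_os: str) -> dict:
    """Check a downloaded token package (raw zip bytes) before staging it."""
    report = {"sha256": hashlib.sha256(data).hexdigest(), "unsafe_paths": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        report["corrupt_member"] = zf.testzip()  # first CRC failure, or None
        names = [n.replace("\\", "/") for n in zf.namelist()]
    for name in names:
        # Flag absolute paths, drive letters and ".." components, which could
        # write outside the target directory when the archive is extracted.
        parts = name.split("/")
        if name.startswith("/") or ".." in parts or ":" in parts[0]:
            report["unsafe_paths"].append(name)
    present = {posixpath.basename(n) for n in names}
    report["missing"] = sorted(EXPECTED[target_os] - present)
    report["ok"] = not (report["unsafe_paths"] or report["missing"]
                        or report["corrupt_member"])
    return report


def build_sample_package(entries: dict) -> bytes:
    """Constructed sample archive for the demo; not a real token package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, body in entries.items():
            zf.writestr(path, body)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_package({
        "ubuntu/ubuntu_token.py": "# placeholder\n",
        "ubuntu/uninstall.py": "# placeholder\n",
    })
    print(inspect_token_package(sample, "ubuntu"))
```

The SHA-256 in the report can be recorded so that the copy placed on each endpoint can be compared with the one downloaded from the Deception VM.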
