Deploy the FortiDeceptor Token Package

A FortiDeceptor Token Package is used to add breadcrumbs on real endpoints and lure an attacker to a Decoy VM. Tokens are normally distributed within the real endpoints and other IT assets on the network to maximize the deception surface.

Note

The saved view is associated with the administrator login and will remain saved, including after logging in and out, until the view is reset.

To download and deploy a FortiDeceptor Token Package on an existing endpoint:
  1. Go to Deception > Decoy & Lure Status.
  2. Select the Decoy VM(s) by clicking the appropriate check boxes. The topmost check box will select all VMs.
  3. Click Download Package to download the FortiDeceptor Token Package. Packages can only be downloaded from Deception VMs with valid IPs. The VMs must also be in one of the following statuses: Initialized, Stopped, Running, or Failed.
  4. Copy the FortiDeceptor Token Package to an endpoint (Windows or Linux).
  5. Unzip the FortiDeceptor Token Package:
    • For Windows, copy the file under the Windows directory and execute the windows_token.exe by double-clicking the file.
    • For Ubuntu, open Terminal and execute python ./ubuntu_token.py.

    Once the FortiDeceptor Token Package is installed on a real Windows or Ubuntu endpoint, it increases the deception surface and lures the attacker to a Decoy VM.

To uninstall a FortiDeceptor Token Package:
  1. Go to Deception > Decoy & Lure Status.
  2. Select the Decoy VM.
  3. Click Download Package to download the FortiDeceptor Token Package.
  4. Copy the FortiDeceptor Token Package to the endpoint (Windows or Linux).
  5. Unzip the FortiDeceptor Token Package:
    • For Windows, copy the file under the Windows directory and execute the uninstall.exe by double-clicking the file.
    • For Ubuntu, open Terminal and execute ubuntu/uninstall.py.