Administration Guide

Lure Resources

Use the Lure Resources page to view the current lure, upload resources such as Word and PDF files to automatically generate lures, and import a user name list from an LDAP server.

Uploading lure resources

Upload a lure resource to automatically generate lures. There are two types of lure resource:

  • Documents: Word and PDF files that generate authentic directories and files over the Decoy network shares.
  • Credential: Username (with password) list files that generate authentic credential access to the network Decoys.

To upload a lure resource:
  1. Go to Deception > Lure Resources.
  2. Click Upload. The Upload New Lure Resource dialog opens.
  3. From the Lure Type dropdown, select the lure type.

    • Credential - Fake Users (txt): Upload a list file with fake users and passwords.
    • Documents - Template (doc,docx,pdf,zip): Upload files as a template. FortiDeceptor will insert content to build honey docs.
    • Documents - Fake Content (zip): Upload files directly to FortiDeceptor.

    Tip: The Credential - Fake Users (txt) and Documents - Template (doc,docx,pdf,zip) options include sample files to help you create a resource.

  4. Enter an optional Tag, such as any.
  5. In the Resource File field, click Choose a file to upload the resource, or drag and drop it onto the field.
  6. Click Save.

Importing users from LDAP

To import an LDAP user list:
  1. Go to Deception > Lure Resources.
  2. Click Import Users from LDAP.
  3. Configure the import settings.

    • Version: Select the version from the dropdown.
    • Bind DN: Username used to connect to the LDAP service on the specified LDAP Server.
    • LDAP URL: Enter the LDAP URL using the following format:

      [protocol://]host[:port][/basedn[?attribute,...][?scope][?filter]]

    • Bind Password: Enter the Bind DN's password.
    • CA Certificates: Select a certificate from the dropdown.
    • Search Limit: Search sub-tree depth.
    • TCP Timeout: Enter the TCP connection timeout in seconds.
    • Search Timeout: Enter the search timeout in seconds.
    • SASL Bind User: The username to authenticate a DN on the directory server using SASL.
    • SASL Bind Mechanism: The username and password for authentication.
    • Tag: Enter a tag for the import.

  4. Click Save.

Examples: Import Users from LDAP

OpenLDAP example:

    "dn": "uid=test,o=org,dc=example,dc=com",
    "url": "ldap://192.168.0.100/o=org,dc=example,dc=com?uid?sub?(objectclass=*)",
    "password": "password"

Windows AD example:

    "version": "3",
    "dn": "cn=users,cn=usergroup,dc=example,dc=com",
    "url": "ldap://192.168.0.100/cn=usergroup,dc=example,dc=com?sAMAccountName?sub?(objectClass=user)",
    "password": "password"

The import is supported if uid or sAMAccountName can be parsed from the search results for the directory tree. Ensure that the URL queries the proper data.
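A pre-flight check for the LDAP URL field, as an added example (not Fortinet code): it splits a URL written in the format shown above and reports the problems that would keep uid or sAMAccountName out of the search results or leave the bind unprotected. The function names are hypothetical, and the default scope and attribute handling follow RFC 4516, which is an assumption about how FortiDeceptor interprets the URL.

```python
from urllib.parse import unquote

LOGIN_ATTRS = {"uid", "samaccountname", "*"}  # "*" returns all user attributes
SCOPES = {"base", "one", "sub"}               # scope values from RFC 4516


def parse_ldap_url(url):
    """Split [protocol://]host[:port][/basedn[?attrs][?scope][?filter]]."""
    scheme, sep, rest = url.partition("://")
    if not sep:                               # protocol omitted: assume ldap
        scheme, rest = "ldap", url
    hostport, _, tail = rest.partition("/")
    host, _, port = hostport.partition(":")   # IPv4 or hostname only, no [IPv6]
    basedn, attrs, scope, flt = (tail.split("?") + [""] * 3)[:4]
    return {
        "scheme": scheme.lower(), "host": host, "port": port,
        "basedn": unquote(basedn),
        "attributes": [a.strip().lower() for a in attrs.split(",") if a.strip()],
        "scope": scope.lower(), "filter": unquote(flt),
    }


def check_import_url(url):
    """Return the problems to fix before saving the import settings."""
    u, problems = parse_ldap_url(url), []
    scope = u["scope"] or "base"              # RFC 4516 default when omitted
    if u["scheme"] not in ("ldap", "ldaps"):
        problems.append("unknown protocol: " + u["scheme"])
    if not u["host"] or (u["port"] and not u["port"].isdigit()):
        problems.append("host or port is malformed (is '//' missing?)")
    if not u["basedn"]:
        problems.append("no base DN: the search has no starting point")
    # An empty attribute list returns every user attribute, so it passes.
    if u["attributes"] and not LOGIN_ATTRS & set(u["attributes"]):
        problems.append("uid or sAMAccountName is not requested")
    if scope not in SCOPES:
        problems.append("invalid scope: " + scope)
    elif scope == "base":
        problems.append("scope is base: only the base DN entry is read")
    if u["scheme"] == "ldap":
        problems.append("plain ldap: bind password is exposed unless "
                        "the session is upgraded to TLS")
    return problems


if __name__ == "__main__":
    # Constructed sample: requests cn only and omits the scope.
    for p in check_import_url("ldap://ldap.example.test/dc=example,dc=test?cn"):
        print(p)
```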
