Administration Guide

Deploying Azure deception keys

To deploy Azure deception keys, first create the keys in Azure, then upload them to FortiDeceptor and create a new token campaign. Two separate Azure AD applications are involved: a decoy application with no permissions, whose identifiers are planted as the lure, and a privileged Azure Connector application that FortiDeceptor uses to act on detections.

To create Azure AD application keys for Lure Resource:
  1. Log in to your Azure account.
  2. Go to Azure Active Directory > App registrations > Register an application > Register. Do not assign any API permissions to this application: it is a decoy, and a token obtained with its leaked credentials must not grant access to anything.

  3. Go to Azure Active Directory > App registrations > All applications, and locate the application you created (for example, NewAPPsample1).
  4. Copy the client ID and the tenant ID into a .txt file (for example, KeysSample1.txt).

  5. To deploy several decoy applications at once, repeat steps 2 to 4 for each application and put all of their client IDs and tenant IDs into a single .txt file (for example, Keys3Samples.txt).

  6. (Optional) Locate the application you created (for example, NewAPPsample1) and go to Certificates & secrets > Certificates.

    a. Upload a certificate (public key) to the deception application.

    b. Keep the certificate file that corresponds to the public key you uploaded in the previous step. This file contains the certificate together with its private key, and you upload it to FortiDeceptor later.
To create Azure application keys for Azure Connector:
  1. Register a second Azure AD application for the Azure Connector. Unlike the decoy, this application holds real, high-privilege permissions; its credentials go only into the Quarantine Integration configuration described below, never into a lure file.
  2. Grant the required API permissions to this application registration, and grant admin consent for them (Application permissions take effect only after an administrator consents).

    The following Microsoft Graph permissions, of type Application, must be granted:

    • User.Read.All
    • User.ReadWrite.All
    • GroupMember.Read.All
    • GroupMember.ReadWrite.All
    • Group.ReadWrite.All
    • Group.Read.All
    • AuditLog.Read.All
    • Directory.Read.All
    • Directory.ReadWrite.All
    • User.ManageIdentities.All

  3. Create a client secret and record it together with the application's client ID and tenant ID; you enter all three in the Azure Connector configuration later.
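The two registrations above are the security model of the campaign: the decoy must request nothing, and the connector must request exactly the permissions listed and nothing more. The Azure portal enforces neither, so the following Python script, added here as an example and not FortiDeceptor or Fortinet code, audits both app manifests. It takes the requiredResourceAccess array of each registration (as returned by `az ad app show --id <appId> --query requiredResourceAccess`) and resolves permission GUIDs against the Microsoft Graph service principal's appRoles. The GUIDs, manifests and appRoles table embedded in it are constructed placeholders so it runs offline; the Microsoft Graph resource appId is the real, well-known value.

```python
"""Audit the two Azure AD app registrations a FortiDeceptor Azure key campaign uses.

Added example (not FortiDeceptor or Fortinet code). It checks what the guide requires
but the Azure portal does not enforce:
  1. the decoy (Lure Resource) application requests NO API permissions, so a token
     an attacker mints with the leaked client ID and certificate grants nothing;
  2. the Azure Connector application requests exactly the Microsoft Graph permissions
     the guide lists, all of type Application ("Role"), and nothing else.

Input is each app manifest's requiredResourceAccess array, as returned by
`az ad app show --id <appId> --query requiredResourceAccess`. The manifest holds
permission GUIDs, not names; they are resolved against the appRoles of the
Microsoft Graph service principal (`az ad sp show --id <GRAPH_APP_ID> --query appRoles`).
The GUIDs below are CONSTRUCTED placeholders so the script runs offline.
"""

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph resource appId (real, well known)

# Application permissions the guide requires for the Azure Connector registration.
CONNECTOR_REQUIRED = frozenset({
    "User.Read.All", "User.ReadWrite.All",
    "GroupMember.Read.All", "GroupMember.ReadWrite.All",
    "Group.Read.All", "Group.ReadWrite.All",
    "AuditLog.Read.All", "Directory.Read.All", "Directory.ReadWrite.All",
    "User.ManageIdentities.All",
})

# CONSTRUCTED stand-in for the Graph service principal's appRoles (real shape:
# [{"id": "<guid>", "value": "User.Read.All", ...}, ...]); placeholder GUIDs only.
SAMPLE_GRAPH_APP_ROLES = [
    {"id": f"00000000-0000-0000-0000-{i:012d}", "value": v}
    for i, v in enumerate(sorted(CONNECTOR_REQUIRED) + ["Mail.ReadWrite"], start=1)
]


def role_lookup(app_roles):
    """Map appRole GUID -> permission name (e.g. 'Directory.Read.All')."""
    return {r["id"]: r["value"] for r in app_roles}


def resolve(required_resource_access, roles_by_id):
    """Flatten a manifest into (resourceAppId, permission name or raw GUID, type) triples."""
    triples = []
    for res in required_resource_access:
        for acc in res.get("resourceAccess", []):
            # Only Graph GUIDs can be named from the Graph appRoles table.
            name = roles_by_id.get(acc["id"], acc["id"]) if res["resourceAppId"] == GRAPH_APP_ID else acc["id"]
            triples.append((res["resourceAppId"], name, acc["type"]))
    return triples


def audit_decoy(rra, roles_by_id):
    """Decoy app: any requested permission at all is a finding."""
    return [f"decoy requests {name} ({typ}) on resource {app}"
            for app, name, typ in resolve(rra, roles_by_id)]


def audit_connector(rra, roles_by_id):
    """Connector app: exactly the guide's Graph permissions, all of type Role."""
    findings, granted = [], set()
    for app, name, typ in resolve(rra, roles_by_id):
        if app != GRAPH_APP_ID:
            findings.append(f"{name} requested on non-Graph resource {app}")
        elif typ != "Role":
            findings.append(f"{name} is delegated ({typ}); the guide requires type Application (Role)")
        elif name not in CONNECTOR_REQUIRED:
            findings.append(f"{name} is not in the guide's list (excess privilege)")
        else:
            granted.add(name)
    findings += [f"{name} (Role) is missing" for name in sorted(CONNECTOR_REQUIRED - granted)]
    return findings


# CONSTRUCTED sample manifests. A correct decoy has an empty requiredResourceAccess.
ROLES = role_lookup(SAMPLE_GRAPH_APP_ROLES)
_ID_OF = {v: k for k, v in ROLES.items()}
SAMPLE_DECOY_OK = []
SAMPLE_DECOY_BAD = [{"resourceAppId": GRAPH_APP_ID,
                     "resourceAccess": [{"id": _ID_OF["User.Read.All"], "type": "Scope"}]}]
SAMPLE_CONNECTOR_OK = [{"resourceAppId": GRAPH_APP_ID,
                        "resourceAccess": [{"id": _ID_OF[v], "type": "Role"} for v in sorted(CONNECTOR_REQUIRED)]}]
SAMPLE_CONNECTOR_BAD = [{"resourceAppId": GRAPH_APP_ID,
                         "resourceAccess": [{"id": _ID_OF[v], "type": "Role"}
                                            for v in sorted(CONNECTOR_REQUIRED - {"AuditLog.Read.All"})]
                                           + [{"id": _ID_OF["Mail.ReadWrite"], "type": "Role"},     # excess
                                              {"id": _ID_OF["AuditLog.Read.All"], "type": "Scope"}]}]  # wrong type

if __name__ == "__main__":
    for label, fn, rra in [("decoy (ok)", audit_decoy, SAMPLE_DECOY_OK),
                           ("decoy (bad)", audit_decoy, SAMPLE_DECOY_BAD),
                           ("connector (ok)", audit_connector, SAMPLE_CONNECTOR_OK),
                           ("connector (bad)", audit_connector, SAMPLE_CONNECTOR_BAD)]:
        findings = fn(rra, ROLES)
        print(f"{label}: {'PASS' if not findings else 'FAIL'}")
        for f in findings:
            print("  -", f)
```

Run it against real input by replacing SAMPLE_GRAPH_APP_ROLES with the Graph service principal's appRoles and the SAMPLE_* manifests with the two registrations' requiredResourceAccess arrays. The decoy check should report nothing at all; a finding there means the lure would hand an attacker a working credential. The connector check flags three distinct mistakes separately: a permission granted as delegated (Scope) rather than Application (Role), which the connector cannot use with a client secret; a permission outside the guide's list, which is excess privilege on an account whose secret sits in FortiDeceptor; and a listed permission that is missing.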
To deploy the deception keys in FortiDeceptor:
  1. Log in to FortiDeceptor, go to Deception > Lure Resources, and click Upload. If the file you upload contains several Azure keys, all of them are installed; you cannot select individual keys from the file.
  2. For Lure Type, select Credential - Azure Keys (txt), upload the text file you created in the previous task (for example, KeysSample1.txt), and click Save.

    If you kept the certificate file (the certificate with its private key) from step 6.b of the Lure Resource task, select Azure Certificate for Lure Type and upload that file.

  3. Go to Fabric > Quarantine Integration.
  4. Click +Quarantine Integration With New Device and configure the integration with the details of the application you registered for the Azure Connector:

    Integrate method: Select Azure Keys.

    Client ID: Also called the Application ID; the unique ID of the Azure Active Directory application registered for the Azure Connector.

    Client Secret: The client secret of that application. FortiDeceptor uses it to obtain the authentication token required to access the API.

    Tenant ID: The tenant ID of your Azure Active Directory.

    Verify SSL: Specifies whether the server's SSL certificate is verified. The default is True; leave it enabled so that the connector's credentials are only ever sent to the genuine endpoint.

  5. Go to Deception > Deception Token > Token Campaign.
  6. Click + Campaign. Enable the toggle and use the default location or a custom location for the deception tokens to create the Azure keys campaign.

  7. Click Save.
