
How to integrate between FortiDeceptor and FortiSandbox

This article describes how integrating FortiDeceptor with an appliance-based FortiSandbox delivers combined static and dynamic analysis of malicious files captured by network decoys.

Scope

FortiDeceptor.

Solution

Step 1: Establish the API connection between FortiDeceptor and FortiSandbox under Fabric -> Detection Device. Select Appliance and enter:

  • The IP address of the FortiSandbox.
  • Port 443.
  • An admin username and password for FortiSandbox.
  • Select Test accessibility to confirm that FortiDeceptor can reach FortiSandbox with these settings before saving.
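The connector sends an admin credential to whatever answers on port 443, so it is worth confirming, before that credential is entered, that the address really is the FortiSandbox: TCP reachability alone is not enough, the TLS handshake must complete and the certificate should be one you recognise. The following pre-flight check is an added example (not Fortinet code and not what the Test accessibility button does internally). The address 192.0.2.10, the CA file path and the fingerprint-pinning helper are assumptions; replace them with your own appliance's values. It also reproduces the two failure modes offline (closed port, and an open port that speaks plaintext instead of TLS) so the output can be compared with a healthy appliance.

```python
"""Pre-flight check for the FortiDeceptor -> FortiSandbox Fabric connector.

Added example, not Fortinet code. Checks, in order: TCP connect to the
management port, TLS handshake, optional chain verification against a CA
file, and the SHA-256 fingerprint of the leaf certificate so a changed or
interposed endpoint is noticed later. No credentials are ever sent.
"""
import hashlib
import socket
import ssl
import threading

FSA_HOST = "192.0.2.10"   # assumption: documentation address, replace with the appliance IP
FSA_PORT = 443            # port the Fabric connector uses
CA_FILE = None            # assumption: path to the CA that signed the FSA certificate, if any
TIMEOUT = 3.0


def probe(host, port, timeout=TIMEOUT, cafile=None, pin_sha256=None):
    """Probe host:port the way a connectivity test should: TCP first, then TLS.

    Returns a dict with keys reachable, tls, verified, fingerprint, pin_ok, error.
    verified is only True when a CA file was given and the chain checked out.
    """
    result = {"reachable": False, "tls": False, "verified": False,
              "fingerprint": None, "pin_ok": None, "error": None}
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        result["error"] = f"tcp: {exc}"
        return result
    result["reachable"] = True

    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if cafile:
        ctx.load_verify_locations(cafile)   # strict: chain and host/IP name are checked
    else:
        ctx.check_hostname = False           # no trust anchor yet: still shake hands,
        ctx.verify_mode = ssl.CERT_NONE      # but report verified=False so nobody mistakes this for trust
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    except OSError as exc:                   # ssl.SSLError is an OSError subclass
        result["error"] = f"tls: {exc}"
        return result
    result["tls"] = True
    result["verified"] = bool(cafile)
    result["fingerprint"] = hashlib.sha256(der).hexdigest()
    if pin_sha256 is not None:               # accept "aa:bb:..." or bare hex
        result["pin_ok"] = result["fingerprint"] == pin_sha256.lower().replace(":", "")
    return result


def _plaintext_listener():
    """Local listener that answers in plaintext (no TLS). Returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        conn.sendall(b"HTTP/1.1 400 Bad Request\r\n\r\n")  # not a ServerHello
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def demo_failure_modes():
    """Exercise both failure modes offline with constructed local sockets.

    Returns (closed_port_result, plaintext_port_result). A healthy appliance
    instead yields reachable=True, tls=True and a fingerprint.
    """
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    closed_port = s.getsockname()[1]
    s.close()                                # nothing listens on this port now
    closed = probe("127.0.0.1", closed_port, timeout=1.0)
    plaintext = probe("127.0.0.1", _plaintext_listener(), timeout=2.0)
    return closed, plaintext


if __name__ == "__main__":
    for r in demo_failure_modes():
        print(r)
    # The real check against your appliance; record the fingerprint it prints
    # and pass it as pin_sha256 on later runs.
    print(probe(FSA_HOST, FSA_PORT, cafile=CA_FILE))
```

Run it once with a CA file that covers the appliance certificate; if `verified` comes back False, fix the trust chain (or at least pin the printed fingerprint) before entering the admin credential in Fabric -> Detection Device.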


Step 2: When an attacker uses a deception token on the victim machine and tries to install a file on the decoy, the activity is monitored by FortiDeceptor and the file is analyzed by FortiDeceptor and FortiSandbox.


Step 3: To monitor from FortiDeceptor, select Incident > Analysis and select the incident. The incident details show the file the attacker tried to install, the rating from the AntiVirus static scan, and the FortiSandbox scan results.


Step 4: Select FortiSandbox to download the PDF report and see the job summary in detail. The report lists the submit type as RPC, which identifies a file submitted over the API by FortiDeceptor.

Step 5: To monitor and check the same job from FortiSandbox, select Scan Job > File on demand.
