Technical Tip: How to test trigger alert rule for Binary Infection
| Description | This article describes how to test that an alert rule for binary infection is triggered. |
| Scope | FortiDeceptor. |
| Solution | In this example, the mail server has already been configured and is receiving email from FortiDeceptor. Go to Mail Server -> Create Alert Delivery Rule. Enable the alert rule and the Binary Infection option.
Access the decoy over RDP and download a file in the decoy. In this example, a FortiGuard sample file was downloaded.
Go to Log -> All Events. It should show a log entry such as the one below if the incident matches the alert rule that was created and the alert email is sent to the recipient. In the example below, the incident matches the alert rule named 'Binary' that was created previously, and the email is sent to 'user1@sholehin.lab', the address configured as the recipient.
The alert email should arrive in the recipient's mailbox, as in the example below.
|




