ismailurek2
New Member
September 11, 2025
Question

FortiDeceptor quarantine with FortiGate - attacker quarantined too early


Hello,

I am working with quarantine actions on FortiDeceptor and noticed something important. When I integrate FortiDeceptor with FortiGate for quarantine, if an attacker connects to a decoy (for example via RDP), the attacker is immediately quarantined.

The issue is that this prevents me from observing the attacker’s techniques and tactics in more detail, since the quarantine is triggered right away.

Is there any configuration or adjustment that allows FortiDeceptor to delay quarantine or to give the attacker more time to interact with the decoy before FortiGate enforces the quarantine action?

Thanks in advance for your guidance.

Regards,

İsmail Ürek

1 reply

AEK
SuperUser
September 11, 2025

Hi Ismail

Can you share the related trigger?

AEK
ismailurek2
New Member
September 22, 2025

Hi @AEK,

When I connect to the Windows 10 machine via RDP, I am immediately quarantined. The relevant logs are located below.

[Attached screenshots: rdp_quarantine_2_log.png, rdp_quarantine_3_log.png, rdp_quarantine_log.png]