tcp-honeypot.py Logstash Parser & Dashboard Update

Published: 2020-06-28. Last Updated: 2020-06-28 11:54:46 UTC
by Guy Bruneau (Version: 1)
2 comment(s)

This is an update for logstash and dashboard published in January for Didier's tcp-honeypot.py honeypot script. The parser has been updated to follow the Elastic Common Schema (ECE) format, parsing more information from the honeypot logs that include revised and additional dashboards.

tcp-honeypot Log Analysis from Discover

tcp-honeypot Dashboard Summary

The file tcp-honeyport parser can be downloaded here and the dashboard JSON here.

[1] https://isc.sans.edu/forums/diary/ELK+Dashboard+and+Logstash+parser+for+tcphoneypot+Logs/25702
[2] https://www.elastic.co/guide/en/ecs/current/ecs-reference.html
[3] https://handlers.sans.edu/gbruneau/elastic.htm

-----------
Guy Bruneau IPSS Inc.
My Handler Page
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu

Keywords: ECE ELK Honeypot tcphoneypot
2 comment(s)

Comments

Looks nice! Is this or will this be integrated into the DShield honeypot? https://isc.sans.edu/honeypot.html

Anonymous

Jun 28th 2020
5 years ago

This is not currently part of the DShield Honeypot, this is a different honeypot maintained by handler Didier Stevens.

Anonymous

Jun 28th 2020
5 years ago

Login here to join the discussion.


Top of page
Diary Archives