Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: tcp-honeypot.py Logstash Parser & Dashboard Update - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
tcp-honeypot.py Logstash Parser & Dashboard Update

This is an update for logstash and dashboard published in January for Didier's tcp-honeypot.py honeypot script. The parser has been updated to follow the Elastic Common Schema (ECE) format, parsing more information from the honeypot logs that include revised and additional dashboards.

tcp-honeypot Log Analysis from Discover

tcp-honeypot Dashboard Summary

The file tcp-honeyport parser can be downloaded here and the dashboard JSON here.

[1] https://isc.sans.edu/forums/diary/ELK+Dashboard+and+Logstash+parser+for+tcphoneypot+Logs/25702
[2] https://www.elastic.co/guide/en/ecs/current/ecs-reference.html
[3] https://handlers.sans.edu/gbruneau/elastic.htm

-----------
Guy Bruneau IPSS Inc.
My Handler Page
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu

 Guy

523 Posts
ISC Handler
Jun 28th 2020
Thread locked Subscribe Jun 28th 2020
2 years ago
Looks nice! Is this or will this be integrated into the DShield honeypot? https://isc.sans.edu/honeypot.html
 Sam

6 Posts
Quote Jun 28th 2020
2 years ago
This is not currently part of the DShield Honeypot, this is a different honeypot maintained by handler Didier Stevens.
 Guy

523 Posts
ISC Handler
Quote Jun 28th 2020
2 years ago

Sign Up for Free or Log In to start participating in the conversation!