Hello and welcome to the Monday, February 5th, 2020, edition of the Sansenet Storms

Thunder's Stormcast. My name is Johannes Ulrich, and today I'm recording from Jacksonville,

Florida. One of the questions that often comes up with our honeypot is if it's possible to gain

more insight into attacks hitting your individual

honeypot. Now, some of this can be done by just looking at your account in the shield.org or

the internet storm center. However, the information there is, of course, limited to information

that you submitted to us and that's

just sort of the basics of the attacks. On the other hand, the logs on the honey pot itself,

while they have a lot more details, they're often not that sort of easy accessible in particular

to people new to this field.

So Guy took it upon himself and did a real great job in figuring out how to build a little bit

of a dashboard that shows what's going on in your honeypot.

Now, this just got a lot easier now thanks to a Ghee-Hoo built a dashboard for the honeypot

using the ElkStack, Elasticsearch, Logstash, and Kibbana.

Great Kibbana dashboard here.

What I like in particular is the TTI logs, which is basically all the commands that attackers attempted to execute in the cowrie part of the honeypot.

This particular setup is made available as a Docker container. It can run on some of the better equipped Raspberry Pies, but definitely if you're running

your honeypot in a virtual machine or such, but you have a little bit more resources, it

shouldn't be all that difficult to run this dashboard.

Any feedback, as always, is very much appreciated.

Any data items or such that you may want to add,

or so to this setup or any bugs that you're running into.

...