Hello and welcome to the Friday, September 12, 2025 edition of the Sands Internet Storms Centers.

Stormcast, my name is Johannes Ulrich, recording today from Jacksonville, Florida.

And this episode is brought you by the sands.edu undergraduate certificate program in

cybersecurity fundamentals. Today's diary is an update from Ghee about the D-Shield seam

that, well, Ghee maintains and actually he created it as well. One of the great things about running a honeypot is, well, awareness about all the attacks

that your network may be exposed to.

This scene provides you with a real pretty graphical user interface,

summarizing the attacks that are hitting your honey pot and allowing you to eventually dig into

the data more easily without having to break out your command line skills. And just the

visualization itself is pretty nice and also provides quite a bit of value, I think,

particular to better understand how the attacks are breaking down.

There's geographic maps that you can look at.

There are various sort of port statistics and such that are being summarized here.

Now, the nice thing about this seam is that it's actually entirely inside Docker containers.

And that makes it really easy to update. You essentially just remove the old Docker containers

and then create new ones and you are up to date. So if you're using this tool, well,

take a look at it. If you're not using it, well, take a look at it and see if you like it.

It does require a little bit more processing power than you usually have, like, on the

basic Raspberry Pies.

But if you are running your honeypot inside a virtual machine or on a little bit of more

powerful system, it'll certainly

work. It uses Elk, Elk, Elasticsearch, Logstash, Kibana, and those familiar with these

...