Hello and welcome to the Thursday, April 24th,

2005 edition of the Sands and a Storm Center's Stormcast.

My name is Johannes Ulrich and today I'm recording from Jacksonville, Florida.

Jesse and Ye have been maintaining part of our DeShield Honeypot,

in particular the seam component. The seam component

is an optional add-on that you can install for your Honeypot to give you a local dashboard

of what's going on with your Honeypot, what attacks you're seeing, and some graphic

representations of that. Now, keeping all that system up to date,

maintained, it can be a little bit tricky at times.

So Jesse did publish a diary,

summarizing some of his learnings about how to maintain the honeypot.

For example, how to update your bioval rules, your IP table rules automatically

to reflect a dynamic IP address. One thing we're doing

as part of the Honeypot is we only allow access to the admin port, the

actual SSH port, from very specific IP addresses, typically from IP addresses inside your own network,

and then also only log attacks coming from outside of your own network.

That may need some tweaking if your IP address gets updated, and as a result, Jesse is sort of summarizing what he had to do

in order to get that all working and set up properly.

The other thing that Jesse did illustrate is how to update the file beats component.

Now, the seam, and again, that's an add-on,

doesn't come sort of by default with the honeybot,

but it uses the usual Elk stack, Elasticsearch, Logs Dash, Kibbana.

...