Updates to CTI Gathering

  • Some recent updates have been made to the honeypots to increase their capacity for detecting attacks on various protocols. I have added SIP, Redis, git, NTP, FTP, HTTP proxy, VNC, RDP, MySQL, MSSQL and telnet. The next step is to allow some logins into containers, so that additional IOCs such as file hashes, scripts and malware can be captured. All IOCs are pushed to AlienVault OTX through the OTX API and can be downloaded in CSV, STIX and OpenIOC formats, provided as TLP white or green.
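The pipeline described above (honeypot events in, deduplicated IOCs out, pushed as a TLP-marked pulse and exportable as CSV) is easier to reason about with a concrete pass over sample data. The following is an added example, not the honeypot's own code: the log line format and all log lines are constructed for the demo, and the pulse dictionary is assumed to mirror the fields OTX accepts when creating a pulse (name, public, TLP, tags, indicators with `indicator`/`type`/`description`); no network call is made, so it runs offline.

```python
"""Turn honeypot observations into an OTX-style pulse payload and a CSV export.

Added example, not the page's code. Assumptions: the log line format below is
constructed for this demo; the pulse dict mirrors the shape OTX's pulse-creation
API accepts (name, public, TLP, tags, indicators) but nothing is sent anywhere.
"""
import csv
import io
import ipaddress
import json
import re
from collections import OrderedDict

# Constructed honeypot log lines (not real traffic): timestamp, protocol, key=value fields.
SAMPLE_LOG = """\
2024-05-01T10:02:11Z telnet src=203.0.113.45 event=login_attempt user=root
2024-05-01T10:02:12Z telnet src=203.0.113.45 event=login_attempt user=admin
2024-05-01T10:05:40Z redis src=198.51.100.7 event=command cmd=CONFIG
2024-05-01T10:07:03Z ftp src=203.0.113.45 event=upload sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
2024-05-01T10:09:55Z sip src=bad-input event=register
"""

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_log(text):
    """Return one dict per well-formed line; lines without a source are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split(maxsplit=2)
        if len(parts) < 3:
            continue
        ts, proto, rest = parts
        fields = dict(KV_RE.findall(rest))
        if "src" not in fields:
            continue
        fields.update(timestamp=ts, protocol=proto)
        events.append(fields)
    return events


def extract_indicators(events):
    """Deduplicate indicators and classify them as IPv4 or FileHash-SHA256.

    A source that is not a valid IPv4 address is dropped rather than published,
    so a malformed log line cannot poison the shared feed.
    """
    seen = OrderedDict()
    for ev in events:
        src = ev["src"]
        try:
            ipaddress.IPv4Address(src)
        except ValueError:
            continue
        entry = seen.setdefault(("IPv4", src), {"protocols": set(), "count": 0})
        entry["protocols"].add(ev["protocol"])
        entry["count"] += 1
        h = ev.get("sha256", "").lower()
        if SHA256_RE.match(h):
            hentry = seen.setdefault(("FileHash-SHA256", h), {"protocols": set(), "count": 0})
            hentry["protocols"].add(ev["protocol"])
            hentry["count"] += 1
    return seen


def build_pulse(indicators, name, tlp="white"):
    """Assemble a pulse body in the (assumed) OTX shape; only white/green are public."""
    if tlp not in ("white", "green", "amber", "red"):
        raise ValueError("unknown TLP level")
    return {
        "name": name,
        "public": tlp in ("white", "green"),
        "TLP": tlp,
        "tags": sorted({p for v in indicators.values() for p in v["protocols"]}),
        "indicators": [
            {"indicator": value, "type": itype,
             "description": f"seen {v['count']}x via {','.join(sorted(v['protocols']))}"}
            for (itype, value), v in indicators.items()
        ],
    }


def to_csv(pulse):
    """Flat CSV export of the pulse's indicators, carrying the TLP marking per row."""
    buf = io.StringIO()
    w = csv.writer(buf)
    w.writerow(["type", "indicator", "tlp", "description"])
    for i in pulse["indicators"]:
        w.writerow([i["type"], i["indicator"], pulse["TLP"], i["description"]])
    return buf.getvalue()


if __name__ == "__main__":
    pulse = build_pulse(extract_indicators(parse_log(SAMPLE_LOG)), "Honeypot IOCs (demo)")
    print(json.dumps(pulse, indent=2))
    print(to_csv(pulse))
```

Two choices worth noting: the source address is validated before it becomes an indicator, so the unparsable `bad-input` line never reaches the pulse, and the `public` flag is derived from the TLP level rather than set independently, so an amber or red pulse cannot be published by accident.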

Additional plans include:

  • Dockerise the honeypot so it can be deployed in cloud environments
  • Automatic STIX conversion, with downloads available on the website
  • Open-source the honeypot code and upload it to GitHub