A centralized but distributed honeypot system inspired by telekom-security/tpotce

Based on the T-Pot Honeypot framework, this project makes it easy to deploy and monitor a distributed honeypot infrastructure.
- ELK Stack
- Elastic Curator
- Set your password in the `.env` file (you MUST keep the `elastic` username)
- Generate certificates for Logstash and Filebeat (sensors) with `logstash/ssl/generate.sh`
- Generate certificates for NGINX with `nginx/generate.sh`
$ docker-compose up -d
- Filebeat
- Cowrie
- Mailhoney
- ElasticPot
- Dionaea / Heralding
- Suricata
- Set the collector IP/FQDN and the sensor name in the `.env` file
- Copy the `ca.crt`, `ca.key` and `serial` files from the Logstash SSL configuration into `sensor/filebeat/ssl/`
- Generate the Filebeat certificate with `generate.sh`
- Select the honeypots to activate by commenting out the unwanted services in the `docker-compose.yml` file, or with `docker-compose up -d filebeat [honeypots]`
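
The sensor steps above leave a CA, a Filebeat certificate and a private key on an exposed host. The following pre-flight check is an added example, not part of the project: it assumes `openssl` is installed, takes the certificate and key that `generate.sh` produced as arguments because the page does not name those files, and assumes `ca.key` is needed only while `generate.sh` signs the certificate.

```shell
#!/bin/sh
# Added example (not from the project): pre-flight check of a sensor's
# Filebeat TLS material before `docker-compose up -d`.
# Usage: sh check_sensor_tls.sh ca.crt <sensor cert> <sensor key>
# The sensor cert/key names are whatever generate.sh wrote (not named on
# the page), so they are passed in as arguments.

check_sensor_tls() {
    ca=$1 crt=$2 key=$3
    for f in "$ca" "$crt" "$key"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f" >&2; return 2; }
    done

    # 1. The sensor certificate must chain to the CA copied from the collector.
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 ||
        { echo "FAIL: $crt is not signed by $ca" >&2; return 3; }

    # 2. The private key must belong to the certificate (compare public keys).
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ] ||
        { echo "FAIL: $key does not match $crt" >&2; return 4; }

    # 3. The certificate must stay valid for at least 30 more days.
    openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null 2>&1 ||
        { echo "FAIL: $crt expires within 30 days" >&2; return 5; }

    # 4. Assumption: ca.key is only needed while generate.sh signs the
    #    certificate. Whoever holds it can issue certificates that chain to
    #    this CA, so flag a copy left next to the sensor certificate.
    if [ -e "$(dirname "$crt")/ca.key" ]; then
        echo "WARN: ca.key is still present in $(dirname "$crt")" >&2
    fi
    echo "OK: $crt"
    return 0
}

# Run the check when called with the three file arguments.
if [ "$#" -eq 3 ]; then
    check_sensor_tls "$@"
    exit $?
fi
```

Exit status 0 means the material is consistent; 2 to 5 identify which check failed, and the `ca.key` finding is reported as a warning only.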