
A centralized system of distributed honeypots based on the ELK Stack and Docker


oxi-git/dpot


dpot

A centralized but distributed honeypot system inspired by telekom-security/tpotce

Introduction

Based on the T-Pot Honeypot framework, this project makes it easy to deploy and monitor a distributed honeypot infrastructure.

Infrastructure:


Collector 🍯

Components:

  • ELK Stack
  • Elastic Curator

Installation

  1. Set your password in .env file (you MUST keep the elastic username)
  2. Generate certificates for Logstash and Filebeat (sensors) with logstash/ssl/generate.sh
  3. Generate certificates for NGINX with nginx/generate.sh
  4. $ docker-compose up -d

Sensor 🐝

Components:

  • Filebeat
  • Cowrie
  • Mailhoney
  • ElasticPot
  • Dionaea / Heralding
  • Suricata

Installation:

  1. Set collector IP/FQDN and sensor name in .env file
  2. Copy ca.crt, ca.key and serial file from logstash ssl config into sensor/filebeat/ssl/
  3. Generate Filebeat certificate with generate.sh
  4. Select the honeypots to activate by commenting out services in the docker-compose.yml file, or start only the ones you want with docker-compose up -d filebeat [honeypots]
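
A pre-flight check for the certificates produced in the steps above, as an added example that is not part of the dpot repository: it confirms the Filebeat certificate verifies against ca.crt, matches its private key and is not about to expire. The names filebeat.crt and filebeat.key are assumptions, and make_demo_pki builds throwaway sample material rather than reproducing the project's generate.sh.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check of a sensor's Filebeat TLS material.
# ca.crt is named in the README; filebeat.crt and filebeat.key are assumed names.

# check_sensor_cert CA CERT KEY [DAYS]
# Returns 0 if CERT is signed by CA, KEY belongs to CERT, and CERT stays
# valid for at least DAYS more days (default 30). 1/2/3 identify the failure.
check_sensor_cert() {
  local ca="$1" cert="$2" key="$3" days="${4:-30}" cert_pub key_pub
  if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
    echo "FAIL: $cert does not verify against $ca"; return 1
  fi
  # Compare the public key embedded in the certificate with the one
  # derived from the private key; a mismatch breaks the TLS handshake.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
  if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
    echo "FAIL: $key is not the private key for $cert"; return 2
  fi
  if ! openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null; then
    echo "FAIL: $cert expires within $days days"; return 3
  fi
  echo "OK: $cert"
}

# make_demo_pki DIR: throwaway CA plus one sensor certificate (constructed
# sample material standing in for the output of the project's generate.sh).
make_demo_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=demo-ca" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=sensor-01" \
    -keyout "$1/filebeat.key" -out "$1/filebeat.csr" 2>/dev/null
  openssl x509 -req -in "$1/filebeat.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/filebeat.crt" 2>/dev/null
}

# Demo run; on a real sensor, point the check at sensor/filebeat/ssl/ instead.
demo=$(mktemp -d)
make_demo_pki "$demo"
check_sensor_cert "$demo/ca.crt" "$demo/filebeat.crt" "$demo/filebeat.key" 0
rm -rf "$demo"
```

At runtime Filebeat needs only ca.crt and its own certificate and key; ca.key is used only while signing.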
