Question 1

Is Elastichoney still actively maintained and safe to use in 2024?

Accepted Answer

Based on the README, the last significant update appears to be from 2015, with no recent releases mentioned. It might be outdated and not cover newer Elasticsearch vulnerabilities, so it's best used for historical or educational purposes rather than production security.

Question 2

How does Elastichoney compare to modern honeypot frameworks like Cowrie or T-Pot?

Accepted Answer

Elastichoney is specialized for Elasticsearch RCE attacks and is simpler to deploy, but frameworks like Cowrie offer broader service coverage, active development, and more features like interactive sessions, making them better for comprehensive threat detection.

Question 3

How to integrate Elastichoney logs with a SIEM like Splunk?

Accepted Answer

Elastichoney logs to a configurable file, so you can use log forwarders like Splunk Universal Forwarder or Filebeat to send the logs to your SIEM. Set up the log path in Elastichoney's configuration and configure the forwarder to monitor that file.

Question 4

What specific Elasticsearch RCE vulnerabilities does Elastichoney detect?

Accepted Answer

The README states it catches attackers exploiting RCE vulnerabilities in Elasticsearch, but doesn't list exact CVEs. It likely simulates known exploits from around 2015, such as those involving dynamic scripting or plugin weaknesses, but may miss newer ones.

Question 5

Can Elastichoney run in a Kubernetes cluster instead of Docker Compose?

Accepted Answer

Yes, you can adapt the Docker setup by creating Kubernetes deployments and services. Use the provided Docker image, manage logs via persistent volumes, and ensure network policies allow external access to mimic a vulnerable instance.

Question 6

Does Elastichoney support SSL/TLS or authentication for the honeypot?

Accepted Answer

No, the README doesn't mention encryption or authentication features. It simulates a default, unsecured Elasticsearch instance, which might not accurately mimic production environments with security enabled, limiting realism.

Elastic honey

What is Elastic honey?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions