Question 1

How to integrate honeypots logs with an ELK stack?

Accepted Answer

Use the logging options to output to Syslog or a PostgreSQL database, then forward logs to Elasticsearch. The config.json examples show how to set up database logging for easy ingestion into ELK.

Question 2

Honeypots vs Cowrie: which is better for SSH deception?

Accepted Answer

Honeypots offers broader multi-protocol support and easier setup, but Cowrie is more specialized for SSH with deeper emulation. Choose Honeypots for all-in-one monitoring or Cowrie for focused SSH honeypotting.

Question 3

Is the honeypots package safe to run on a public-facing server?

Accepted Answer

It can be used for detection, but ensure proper network isolation and configuration to avoid exposing real services. The stripped-down emulations might not fully secure against advanced exploits.

Question 4

Can I customize honeypot responses to mimic specific software versions?

Accepted Answer

Yes, through config files and Python objects—for example, HTTP servers allow custom templates. However, deep customization may require modifying the source code due to the stripped-down nature.

Question 5

What unique protocols does honeypots support compared to other tools?

Accepted Answer

It includes lesser-monitored protocols like PJL, IPP, and SIP, which are often missing in alternatives, making it valuable for comprehensive network threat intelligence.

Question 6

How to handle scaling honeypots across multiple subnets?

Accepted Answer

Deploy multiple instances with different IPs and ports using auto-configure scripts, but management becomes manual; integrate logs into a central SIEM for analysis.

honeypots

What is honeypots?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions