Question 1

How to deploy Beelzebub honeypot on Kubernetes?

Accepted Answer

Use the provided Helm chart by running 'helm install beelzebub ./beelzebub-chart'. The README includes steps for deployment and upgrades, making it straightforward for containerized environments.

Question 2

Beelzebub vs Cowrie for SSH honeypots?

Accepted Answer

Beelzebub offers low-code YAML configuration and AI-enhanced simulations for realism, while Cowrie is a more traditional, high-interaction honeypot with deeper emulation. Beelzebub is better for easy setup and modern AI integration, but Cowrie may be preferable for detailed attack analysis.

Question 3

Can I use Beelzebub without AI integration?

Accepted Answer

Yes, you can configure static responses in YAML for protocols like SSH, HTTP, and TCP without LLMs, using handlers for commands. This allows basic honeypot functionality, but AI features add dynamic interaction for better deception.

Question 4

How to integrate Beelzebub with Prometheus?

Accepted Answer

Beelzebub exposes a Prometheus endpoint at the configured port (default :2112/metrics) with metrics like beelzebub_events_total. Just enable it in the core YAML configuration and point Prometheus to scrape it.

Question 5

What LLM models are supported in Beelzebub?

Accepted Answer

It supports OpenAI models (e.g., GPT-4o) and local Ollama models (e.g., codellama:7b), as shown in SSH and TELNET examples. You need to provide API keys or host details in the plugin configuration.

Question 6

Is Beelzebub suitable for production security monitoring?

Accepted Answer

It can be used in production for threat detection with its observability features, but the low-interaction architecture and AI dependencies may limit depth of analysis. Best for supplementing existing security tools rather than as a standalone solution.

Beelzebub

What is Beelzebub?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions