Question 1

How to deploy SHIVA on AWS or another cloud provider?

Accepted Answer

Deploy SHIVA on cloud platforms by using Docker containers for the Receiver and Analyzer components. Set up a shared volume or directory for the email queue, configure PostgreSQL for data storage, and use the Docker Compose file as a template. Ensure network security rules allow SMTP traffic on the designated port.

Question 2

What's the difference between SHIVA and SpamAssassin?

Accepted Answer

SHIVA is a spam honeypot designed to collect and analyze spam for threat intelligence by acting as an open SMTP server. In contrast, SpamAssassin is a mail filter that scores and blocks spam in real-time, typically used in production email servers. SHIVA focuses on data gathering and post-analysis, while SpamAssassin is for immediate filtering.

Question 3

How does SHIVA handle high volumes of incoming spam?

Accepted Answer

SHIVA's modular architecture allows the Receiver to accept emails independently and queue them in a shared directory, so high volumes can be handled without blocking the Analyzer. However, performance may depend on hardware and PostgreSQL tuning; scaling might require optimizing database resources and container configurations.

Question 4

Can I customize the analysis rules in SHIVA?

Accepted Answer

Yes, SHIVA is open-source and written in Python, so you can modify the Analyzer component to add custom parsing logic or integrate with other services. The modular design makes it extensible, but this requires programming knowledge and understanding of the codebase.

Question 5

Is SHIVA suitable for academic research on spam campaigns?

Accepted Answer

Absolutely, SHIVA is well-suited for academic or security research because it captures detailed metadata, groups emails into campaigns, and stores data in PostgreSQL for analysis. Its focus on threat intelligence makes it ideal for studying phishing, malware distribution, and botnet activities over time.

Question 6

How to integrate SHIVA with existing SIEM systems?

Accepted Answer

Integrate SHIVA with SIEM systems by querying the PostgreSQL database directly or writing scripts to export data to tools like Splunk or Elasticsearch. The structured schema allows for easy data extraction, but integration may require custom development to format and send logs appropriately.

Shiva

What is Shiva?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions