
SANS ISC: InfoSec Handlers Diary Blog

Logstash Parser & Dashboard Update

Published: 2020-06-28
Last Updated: 2020-06-28 11:54:46 UTC
by Guy Bruneau (Version: 1)

This is an update to the Logstash parser and dashboard published in January for Didier's honeypot script. The parser has been updated to follow the Elastic Common Schema (ECS) format and now parses more information from the honeypot logs. The update also includes revised and additional dashboards.

tcp-honeypot Log Analysis from Discover

tcp-honeypot Dashboard Summary

The tcp-honeypot parser file can be downloaded here and the dashboard JSON here.


Guy Bruneau IPSS Inc.
My Handler Page
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu
