
Logstash Parser & Dashboard Update - SANS Internet Storm Center


This is an update to the Logstash parser and dashboard published in January for Didier's honeypot script. The parser now follows the Elastic Common Schema (ECS) format and parses more information from the honeypot logs. The update also includes revised and additional dashboards.

tcp-honeypot Log Analysis from Discover

tcp-honeypot Dashboard Summary

The tcp-honeypot parser file can be downloaded here and the dashboard JSON here.


Guy Bruneau IPSS Inc.
My Handler Page
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu


523 Posts
ISC Handler
Jun 28th 2020
Looks nice! Is this or will this be integrated into the DShield honeypot?

6 Posts
This is not currently part of the DShield Honeypot; this is a different honeypot maintained by handler Didier Stevens.

523 Posts
ISC Handler
