Honeypot
Package name: intrudect-honeypot
The Honeypot agent listens on the TCP or UDP ports specified in the configuration and accepts incoming connections. When a connection is detected, an alert is sent to the central web application.
Configuration
The initial example (not default) configuration for Honeypot can be created in the web application under Agents > Add new honeypot. After saving and downloading it, store the configuration on the machine running the agent at /opt/intrudect-honeypot/etc/config.json. Once in place, Honeypot will request an updated configuration from the web application every minute.
Listeners
Multiple Listener instances can be added to the Honeypot. For each listener, you must specify the IP address and the TCPPorts and UDPPorts to be monitored.
Other options
SendPCAP sends the packets received in a TCP session as a PCAP file alongside the alert.
SaveLocalPCAP saves the packets received in a TCP session as a local PCAP file. The file is saved as /opt/intrudect-honeypot/honeypot_<srcip>_<dstip>_<datetime>.pcap
ExcludeSrcIP is an array of IP addresses that are ignored by the honeypot.
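One way to triage the files written by SaveLocalPCAP, as an added example that is not part of the Honeypot package: it parses the documented file name pattern, counts captures per source address, and lists captures whose source should have been covered by ExcludeSrcIP. The function names and sample file names are constructed, and the <datetime> part is treated as opaque text because its format is not documented here.

```python
import ipaddress
import re
from collections import Counter
from pathlib import Path

# Documented pattern: honeypot_<srcip>_<dstip>_<datetime>.pcap
# The <datetime> format is not documented, so it is kept as opaque text.
NAME_RE = re.compile(r"^honeypot_(?P<src>[^_]+)_(?P<dst>[^_]+)_(?P<when>.+)\.pcap$")

# Constructed sample names (documentation address ranges, made-up datetime text).
SAMPLE = [
    "honeypot_203.0.113.5_192.0.2.1_20240101T120000.pcap",
    "honeypot_203.0.113.5_192.0.2.1_20240101T120500.pcap",
    "honeypot_198.51.100.10_192.0.2.1_20240101T121000.pcap",
    "honeypot_notanip_192.0.2.1_20240101T121500.pcap",
]

def parse_pcap_name(name):
    """Return (src_ip, dst_ip, datetime_text), or None if the name does not fit."""
    m = NAME_RE.match(Path(name).name)
    if not m:
        return None
    try:
        src = str(ipaddress.ip_address(m.group("src")))
        dst = str(ipaddress.ip_address(m.group("dst")))
    except ValueError:
        return None  # layout matched but the address fields are not valid IPs
    return src, dst, m.group("when")

def summarize(names, exclude_src=()):
    """Count captures per source and list captures from excluded sources."""
    excluded = {str(ipaddress.ip_address(ip)) for ip in exclude_src}
    per_src, from_excluded, skipped = Counter(), [], []
    for name in names:
        parsed = parse_pcap_name(name)
        if parsed is None:
            skipped.append(name)
            continue
        per_src[parsed[0]] += 1
        if parsed[0] in excluded:
            from_excluded.append(name)
    return per_src, from_excluded, skipped

if __name__ == "__main__":
    pcap_dir = Path("/opt/intrudect-honeypot")
    names = [p.name for p in pcap_dir.glob("honeypot_*.pcap")] or SAMPLE
    per_src, from_excluded, skipped = summarize(names, exclude_src=["198.51.100.10"])
    for src, count in per_src.most_common():
        print(f"{src}\t{count}")
    print("captures from excluded sources:", from_excluded)
    print("names that did not parse:", skipped)
```

A capture from an address listed in ExcludeSrcIP usually means the file predates the exclusion or the agent has not yet fetched the updated configuration.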