Overview

For several years The Honeynet Project has operated a network of distributed honeypots. While operating a sensor network over multiple years, we’ve improved our ability to leverage orchestration to deploy in a variety of environments, manage the various sensors, and improve them over time.

Challenges

An early problem was simply how to manage honeypots running the same sensor software but deployed in very different environments. Further, the sensors needed to be lightweight and require as few resources as possible (so that we could deploy as many as possible). Luckily this effort didn’t require very much net-new orchestration and started out by relying on what had already been developed for tpot. Putting it all together, Ansible has really served as the backbone for bringing up new systems, and making it very easy to customize the sensors and deploy changes. Better yet, the effort into orchestration efforts make the individual sensors semi-disposable; their data is valuable but the sensors themselves are disposable and easily replaced by spinning up more instances.

This year has been a Christmas more tough than usual for a lot of people. The Covid pandemic is rising again all over the world, the security analysts are facing one of the worst ever found software vulnerabilities (referring to Log4j CVE-2021-44228), and so on.

With the goal to help all the community during these hard times, recently we have been working to a new project, called GreedyBear, that you can find on Github.