[Owasp_wasc_distributed_web_honeypots_project] Honeypot Output & Reporting

Hrvoje Spoljar hrvoje.spoljar at gmail.com
Thu Apr 30 10:55:56 UTC 2015


Hi Adrian,

I'll try to answer some of your questions.

> What data/metrics can the individual honeypots report back?

Each sensor gathers and relays audit logs to the central console.
For more info on what audit logs look like and consist of check e.g.
https://www.atomicorp.com/wiki/index.php/Modsecurity_audit_log

> Can the individual honeypots be managed individually or must the
> ModSecurity console be used?

There is nothing to manage on the honeypot. Reporting is done based on what
Mod_Security rules match and relay. Rules are auto-updated from the OWASP
git ruleset.

> What other reporting mechanisms are supported, if any?

I believe the only way to get data about attacks is through the central console.

> Does anyone have any experience with deploying the ovf's directly into an
> Amazon EC2 cloud?

http://aws.amazon.com/ec2/vm-import/ here you can import OVF/OVA virtual
machine/appliance.
Should be fairly straightforward.

> How does one gain access to the console application, can it be downloaded
> as well?

The console is a web app. For more information/access please contact project
lead Ryan Barnett.


Regards,
Hrvoje


On Wed, Apr 29, 2015 at 12:26 AM, Adrian Winckles <adrian.winckles at owasp.org> wrote:

> Dear All
>
> I'm leading a research project for botnet detection in cloud and
> virtualized environments and am interested in the use of honeypots to
> provide intelligence data to help the detection mechanisms fine tune the
> detection process
>
> The OWASP WASC Distributed WebHoneypot project looks like it might provide
> a very useful threat intelligence gathering mechanism that I could use with
> other detection mechanisms for cloud service providers to provide a better
> chance of finding a needle in a haystack
>
> I've a few queries I'd be grateful if somebody could help me address
>
> What data/metrics can the individual honeypots report back?
> Can the individual honeypots be managed individually or must the
> ModSecurity console be used?
> What other reporting mechanisms are supported, if any?
> Does anyone have any experience with deploying the ovf's directly into an
> Amazon EC2 cloud?
> How does one gain access to the console application, can it be downloaded
> as well?
>
> Many thanks
>
> Adrian
>
> OWASP UK Cambridge Chapter Leader
>
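Added example, not part of the original message or the project's code: a small parser showing which per-request fields a sensor's ModSecurity audit log carries (timestamp, client address, request line, matched rule ids, whether the request was intercepted). It assumes the ModSecurity 2.x serial audit log layout with sections A, B, H and Z; the sample entries, rule ids, hostnames and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in ModSecurity 2.x serial audit log layout (not real sensor data).
SAMPLE = """\
--a1b2c3d4-A--
[30/Apr/2015:10:55:56 +0000] VUIHconstructed0001 203.0.113.7 51234 192.0.2.10 80
--a1b2c3d4-B--
GET /phpmyadmin/ HTTP/1.1
--a1b2c3d4-H--
Message: Warning. [id "900001"] [msg "Constructed: scanner user agent"]
Message: Access denied with code 403 (phase 2). [id "900002"] [msg "Constructed: admin path probe"]
Action: Intercepted (phase 2)
--a1b2c3d4-Z--
--e5f6a7b8-A--
[30/Apr/2015:10:56:02 +0000] VUIHconstructed0002 198.51.100.23 40022 192.0.2.10 80
--e5f6a7b8-B--
POST /login HTTP/1.1
--e5f6a7b8-H--
Message: Warning. [id "900001"] [msg "Constructed: scanner user agent"]
--e5f6a7b8-Z--
"""

BOUNDARY = re.compile(r"^--([0-9a-f]{8})-([A-Z])--$")   # --<8 hex>-<section letter>--
SECTION_A = re.compile(r"^\[([^\]]+)\] (\S+) (\S+) (\d+) (\S+) (\d+)$")
RULE_ID = re.compile(r'\[id "(\d+)"\]')

def parse_audit_log(text):
    """Return one dict per transaction; a truncated entry (no Z section) is kept."""
    entries, cur, section = [], None, None
    for line in text.splitlines():
        m = BOUNDARY.match(line)
        if m:
            section = m.group(2)
            if section == "A":  # section A opens a new transaction
                cur = {"rule_ids": [], "request": None, "intercepted": False}
                entries.append(cur)
        elif cur is None or not line:
            continue
        elif section == "A" and (a := SECTION_A.match(line)):
            cur.update(timestamp=a.group(1), unique_id=a.group(2), client_ip=a.group(3))
        elif section == "B" and cur["request"] is None:
            cur["request"] = line  # first line of section B is the request line
        elif section == "H" and line.startswith("Message:"):
            cur["rule_ids"] += RULE_ID.findall(line)
        elif section == "H" and line.startswith("Action: Intercepted"):
            cur["intercepted"] = True
    return entries

def rule_hits(entries):
    return Counter(rid for e in entries for rid in e["rule_ids"])
```
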