[Owasp_wasc_distributed_web_honeypots_project] Honeypot Output & Reporting

Adrian Winckles adrian.winckles at owasp.org
Wed May 6 22:45:26 UTC 2015


Hi Hrvoje

Thanks for this, much appreciated 

@Ryan, would it be possible in some way to get access either to the console web app for ModSecurity or to be able to compile a demo version for myself at all please?

Many thanks

Adrian 


> On 30 Apr 2015, at 11:55, Hrvoje Spoljar <hrvoje.spoljar at gmail.com> wrote:
> 
> Hi Adrian,
> 
> I'll try to answer some of your questions.
> 
> > What data/metrics can the individual honeypots report back?
> 
> Each sensor gathers and relays audit logs to the central console.
> For more info on what audit logs look like and consist of check e.g.
> https://www.atomicorp.com/wiki/index.php/Modsecurity_audit_log
> 
> > Can the individual honeypots be managed individually or must the ModSecurity console be used?
> 
> There is nothing to manage on the honeypot. Reporting is done based on what Mod_Security rules
> match and relay. Rules are auto-updated from the OWASP git ruleset.
> 
> > What other reporting mechanisms are supported, if any?
> 
> I believe the only way to get data about attacks is through the central console.
> 
> > Does anyone have any experience with deploying the ovf's directly into an Amazon EC2 cloud?
> 
> http://aws.amazon.com/ec2/vm-import/ here you can import OVF/OVA virtual machine/appliance.
> Should be fairly straightforward.
> 
> > How does one gain access to the console application, can it be downloaded as well?
> 
> The console is a web app. For more information/access please contact project lead Ryan Barnett.
> 
> 
> Regards,
> Hrvoje
> 
> 
>> On Wed, Apr 29, 2015 at 12:26 AM, Adrian Winckles <adrian.winckles at owasp.org> wrote:
>> Dear All
>> 
>> I'm leading a research project for botnet detection in cloud and virtualized environments and am interested in the use of honeypots to provide intelligence data to help the detection mechanisms fine tune the detection process
>> 
>> The OWASP WASC Distributed WebHoneypot project looks like it might provide a very useful threat intelligence gathering mechanism that I could use with other detection mechanisms for cloud service providers to provide a better chance of finding a needle in a haystack
>> 
>> I've a few queries I'd be grateful if somebody could help me address
>> 
>> What data/metrics can the individual honeypots report back?
>> Can the individual honeypots be managed individually or must the ModSecurity console be used?
>> What other reporting mechanisms are supported, if any?
>> Does anyone have any experience with deploying the ovf's directly into an Amazon EC2 cloud?
>> How does one gain access to the console application, can it be downloaded as well?
>> 
>> Many thanks
>> 
>> Adrian
>> 
>> OWASP UK Cambridge Chapter Leader
>> _______________________________________________
>> Owasp_wasc_distributed_web_honeypots_project mailing list
>> Owasp_wasc_distributed_web_honeypots_project at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp_wasc_distributed_web_honeypots_project
> 