Cowrie Honeypot Instrument
Cowrie Instrument integrates Cowrie honeypot into SensorFleet platform. Cowrie honeypot is a medium interaction SSH/Telnet honeypot which logs shell interaction and brute force login attempts from attacker.
The Instrument will send events for user interaction with the honeypot. This allows to easily integrate honeypot activity into same security monitoring with other Instruments running on SensorFleet platform. Running honeypot within SensorFleet Instrument adds a layer of protection as the honeypot process is running inside isolated container.
This Instrument needs active network access to run the honeypot, the network access can be either dedicated physical interface or network access provided by internal bridge interface.
HTTP API provides endpoint for downloading files downloaded/uploaded into the honeypot by attacker.
|Developer||SensorFleet Oy (Open Source integration)|
|Categories||Attack Detection, Honeypot|
|Network access type||Active|
|Data retention||Cowrie instrument stores logs and artifacts downloaded/uploaded to it up the configured retention period|