Cowrie Honeypot Instrument

Cowrie Instrument integrates Cowrie honeypot into SensorFleet platform. Cowrie honeypot is a medium interaction SSH/Telnet honeypot which logs shell interaction and brute force login attempts from attacker.

The Instrument will send events for user interaction with the honeypot. This allows to easily integrate honeypot activity into same security monitoring with other Instruments running on SensorFleet platform. Running honeypot within SensorFleet Instrument adds a layer of protection as the honeypot process is running inside isolated container.

This Instrument needs active network access to run the honeypot, the network access can be either dedicated physical interface or network access provided by internal bridge interface.

API

HTTP API provides endpoint for downloading files downloaded/uploaded into the honeypot by attacker.

Properties

Developer SensorFleet Oy (Open Source integration)
Categories Attack Detection, Honeypot
Network access type Active
Required interfaces
  • Network access to the honeypot
Dependencies None
Data retention Cowrie instrument stores logs and artifacts downloaded/uploaded to it up the configured retention period
Management UI Yes
Previous instrument Asset Guard Next instrument Suricata IDS

Contact & Locations

contact@sensorfleet.com

Privacy policy »

© SensorFleet Oy
Business ID: 2884312-2

Oulu

SensorFleet Oy
Teknologiantie 11
90590 Oulu
Finland

Sami Petäjäsoja
+358 40 503 0745

Helsinki

SensorFleet Oy
Hitsaajankatu 22
00810 Helsinki
Finland

Simo Mäkipaja
+358 40 583 3999