Cowrie Honeypot Instrument

Cowrie Instrument integrates Cowrie honeypot into SensorFleet platform. Cowrie honeypot is a medium interaction SSH/Telnet honeypot which logs shell interaction and brute force login attempts from attacker.

The Instrument will send events for user interaction with the honeypot. This allows to easily integrate honeypot activity into same security monitoring with other Instruments running on SensorFleet platform. Running honeypot within SensorFleet Instrument adds a layer of protection as the honeypot process is running inside isolated container.

This Instrument needs active network access to run the honeypot, the network access can be either dedicated physical interface or network access provided by internal bridge interface.


HTTP API provides endpoint for downloading files downloaded/uploaded into the honeypot by attacker.


Developer SensorFleet Oy (Open Source integration)
Categories Attack Detection, Honeypot
Network access type Active
Required interfaces
  • Network access to the honeypot
Dependencies None
Data retention Cowrie instrument stores logs and artifacts downloaded/uploaded to it up the configured retention period
Management UI Yes
Previous instrument Traffic Guard Next instrument Suricata IDS

Contact us

Privacy policy »

© SensorFleet Oy
Business ID: 2884312-2


SensorFleet Oy
Teknologiantie 11
90590 Oulu

Sami Petäjäsoja
+358 40 5030745


SensorFleet Oy
Hitsaajankatu 22
00810 Helsinki

Simo Mäkipaja
+358 40 583 3999