The summary covers a script that automates the post-installation setup of a DShield honeypot. Who it helps:
• ISC Handlers and Interns: The tool provides a streamlined post-installation setup, allowing faster honeypot deployment and data collection.
• Cybersecurity Professionals: Its time-saving features can benefit anyone interested in setting up a DShield honeypot and contributing to threat intelligence efforts.
• Helpful for Multiple Honeypots: The script is handy when managing several honeypots, since the same setup steps are repeated on every sensor.
What the script does:
• Directory Setup: Ensures the directory structures for logs, backups, and PCAP data are in place, with proper permissions to protect sensitive files.
• Tool Installation: Installs essential tools such as tcpdump, git, and python3-pip, streamlining the log and packet capture setup.
• PCAP Capture Setup: Configures tcpdump to capture network traffic while excluding predefined ports, so that only relevant traffic is written to disk.
• Automated Log Backups: Automatically rotates honeypot logs and stores them organized, compressed, and password-protected; the password protection prevents accidental execution of the malicious files downloaded during attacker sessions that end up in the backups.
• Remote Transfer: If enabled, the script supports SCP transfers to a remote server, automating the secure transfer of backups for off-sensor storage.
• Optional Tool Installation: The script optionally installs cowrieprocessor and JSON-Log-Country, two tools that were extremely helpful during my internship. CowrieProcessor condenses Cowrie's log data into a readable format, focusing on crucial elements like session details, IP addresses, commands entered by attackers, and malicious files downloaded during the session.
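The steps listed above (directory layout with restrictive permissions, password-protected log backups, tcpdump with excluded ports, optional scp to a remote host) fit together as a small POSIX shell script. The block below is an added example and not the diary's own script: the base directory, the excluded ports (22, 2222, 2223), the environment variable names, and the use of openssl as a stand-in for a password-protected archive are all assumptions. The honeypot-specific actions (tcpdump, scp) only run when the guard variables are set, so the helper functions can be exercised safely on any machine.

```shell
#!/bin/sh
# Added example, not the diary's script. Sketches the post-install steps the
# summary lists. Paths, ports and variable names are assumptions.
set -u

# Build a BPF filter that excludes the ports the honeypot services already log
# themselves, so the pcap only keeps the remaining traffic.
# usage: build_bpf_filter 22 2222 2223  ->  "not port 22 and not port 2222 and not port 2223"
build_bpf_filter() {
    filter=""
    for p in "$@"; do
        if [ -n "$filter" ]; then
            filter="$filter and not port $p"
        else
            filter="not port $p"
        fi
    done
    printf '%s\n' "$filter"
}

# Create logs/, backups/ and pcap/ under the base dir as owner-only (0700):
# backups hold captured malware samples and full attacker sessions.
make_dirs() {
    base="$1"
    for d in "$base/logs" "$base/backups" "$base/pcap"; do
        mkdir -p "$d"
        chmod 700 "$d"
    done
}

# Rotate: tar the current logs into backups/, then encrypt the archive with the
# passphrase in $BACKUP_PASS (openssl stands in for a password-protected zip).
# Prints the path of the file it produced.
backup_logs() {
    logdir="$1"; bakdir="$2"
    stamp=$(date -u +%Y%m%d-%H%M%S)
    out="$bakdir/logs-$stamp.tar.gz"
    tar -C "$logdir" -czf "$out" . || return 1
    if [ -n "${BACKUP_PASS:-}" ] && command -v openssl >/dev/null 2>&1; then
        export BACKUP_PASS
        if openssl enc -aes-256-cbc -pbkdf2 -salt -pass env:BACKUP_PASS \
               -in "$out" -out "$out.enc"; then
            rm -f "$out"          # keep only the encrypted copy
            out="$out.enc"
        fi
    fi
    chmod 600 "$out"
    printf '%s\n' "$out"
}

# tcpdump with the exclusion filter: -G rotates the file hourly (the %-format in
# -w is expanded by strftime), -Z drops root once the interface is open.
# Starts the capture only when RUN_CAPTURE=1; otherwise prints the command.
start_capture() {
    iface="$1"; pcapdir="$2"; shift 2
    filter=$(build_bpf_filter "$@")
    set -- tcpdump -n -i "$iface" -Z nobody -G 3600 \
        -w "$pcapdir/capture-%Y%m%d-%H%M.pcap" "$filter"
    if [ "${RUN_CAPTURE:-0}" = 1 ]; then
        "$@" &
    else
        printf '%s\n' "$*"
    fi
}

# Optional off-sensor copy over SSH; key auth and BatchMode so it never prompts.
push_backup() {
    file="$1"; dest="$2"; key="$3"
    scp -q -i "$key" -o BatchMode=yes "$file" "$dest"
}

main() {
    base="${HONEYPOT_BASE:-/var/honeypot}"       # assumed base directory
    make_dirs "$base"
    f=$(backup_logs "$base/logs" "$base/backups")
    if [ -n "${REMOTE_DEST:-}" ]; then           # e.g. user@collector:/srv/hp/
        push_backup "$f" "$REMOTE_DEST" "${SSH_KEY:-$HOME/.ssh/id_ed25519}"
    fi
    start_capture "${IFACE:-eth0}" "$base/pcap" 22 2222 2223
}

# Run the real setup only when explicitly requested (needs root for tcpdump).
if [ "${RUN_HONEYPOT_SETUP:-0}" = 1 ]; then
    main
fi
```

Run it as `RUN_HONEYPOT_SETUP=1 RUN_CAPTURE=1 BACKUP_PASS=... sh setup.sh` on the sensor; without those variables it only defines the functions. Passing the passphrase through the environment rather than on the command line keeps it out of `ps` output, which is the reason for `-pass env:` over `-pass pass:`.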
This Cyber News was published on isc.sans.edu. Publication date: Thu, 03 Oct 2024 00:43:05 +0000