
Sentrypeer not shown on dashboard because object 'Honeypot-Logs' misses ' OR type.keyword:"Sentrypeer" '

Open t3chn0m4g3 opened this issue 1 year ago • 1 comments

Discussed in https://github.com/telekom-security/tpotce/discussions/1382

Originally posted by LuXc-NL August 5, 2023

I noticed that Sentrypeer attacks were not shown on the T-Pot dashboard; by adjusting the object from

type.keyword:"Adbhoney" OR type.keyword:"Ciscoasa" OR type.keyword:"CitrixHoneypot" OR type.keyword:"ConPot" OR type.keyword:"Cowrie" OR type.keyword:"Ddospot" OR type.keyword:"Dicompot" OR type.keyword:"Dionaea" OR type.keyword:"ElasticPot" OR type.keyword:"Endlessh" OR type.keyword:"Glutton" OR type.keyword:"Hellpot" OR type.keyword:"Heralding" OR type.keyword:"Honeytrap" OR type.keyword:"Honeypots" OR type.keyword:"Log4pot" OR type.keyword:"Ipphoney" OR type.keyword:"Mailoney" OR type.keyword:"Medpot" OR type.keyword:"Redishoneypot" OR type.keyword:"Tanner" OR type.keyword:"Wordpot"

to

type.keyword:"Adbhoney" OR type.keyword:"Ciscoasa" OR type.keyword:"CitrixHoneypot" OR type.keyword:"ConPot" OR type.keyword:"Cowrie" OR type.keyword:"Ddospot" OR type.keyword:"Dicompot" OR type.keyword:"Dionaea" OR type.keyword:"ElasticPot" OR type.keyword:"Endlessh" OR type.keyword:"Glutton" OR type.keyword:"Hellpot" OR type.keyword:"Heralding" OR type.keyword:"Honeytrap" OR type.keyword:"Honeypots" OR type.keyword:"Log4pot" OR type.keyword:"Ipphoney" OR type.keyword:"Mailoney" OR type.keyword:"Medpot" OR type.keyword:"Redishoneypot" OR type.keyword:"Tanner" OR type.keyword:"Wordpot" OR type.keyword:"Sentrypeer" 

the sentrypeer honeypot is shown.

t3chn0m4g3 avatar Aug 21 '23 11:08 t3chn0m4g3

It's actually called SentryPeer 😎

ghenry avatar Dec 02 '23 00:12 ghenry

> It's actually called SentryPeer 😎

The tool is called SentryPeer but the data is tagged as type.keyword:"Sentrypeer" by default.

@t3chn0m4g3 - SentryPeer is also missing from most of the visualizations on the default ">T-Pot" Kibana dashboard. The default Kibana "Honeypots" saved query is missing Sentrypeer from the types.

type : Adbhoney Ciscoasa CitrixHoneypot ConPot Cowrie Ddospot Dicompot Dionaea ElasticPot Endlessh Glutton Hellpot Heralding Honeytrap Honeypots Log4pot Ipphoney Mailoney Medpot Redishoneypot Tanner Wordpot

should become

type : Adbhoney Ciscoasa CitrixHoneypot ConPot Cowrie Ddospot Dicompot Dionaea ElasticPot Endlessh Glutton Hellpot Heralding Honeytrap Honeypots Log4pot Ipphoney Mailoney Medpot Redishoneypot Sentrypeer Tanner Wordpot

AliceGrey avatar Mar 17 '24 02:03 AliceGrey

fixed in 234fb16394e70fae9353b6c5cb6631da7f001837 for T-Pot 24.x, release will follow soon (3-5 weeks).

t3chn0m4g3 avatar Mar 18 '24 15:03 t3chn0m4g3
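
A way to catch this kind of gap before it hides a sensor: compare the type names a dashboard filter lets through with the types that actually have indexed events. This is an added example, not code from the thread or from the T-Pot project; the function names, the shortened queries and the `OBSERVED` set are constructed (in practice the observed set would come from a terms aggregation on `type.keyword`).

```python
import re

# type.keyword:"Name" terms, as used in the 'Honeypot-Logs' object.
_KEYWORD_TERM = re.compile(r'type\.keyword\s*:\s*"([^"]+)"')
# type : Name1 Name2 ... as used in the "Honeypots" saved query.
_KQL_LIST = re.compile(r'^\s*type\s*:\s*(.+)$')


def types_in_query(query):
    """Return the set of honeypot type names a filter query lets through."""
    found = set(_KEYWORD_TERM.findall(query))
    if found:
        return found
    m = _KQL_LIST.match(query)
    if not m:
        return set()
    tokens = (t.strip('()"') for t in m.group(1).split())
    return {t for t in tokens if t and t.lower() != "or"}


def missing_types(query, observed):
    """Types that have events in the index but are excluded by the filter.

    The comparison is exact on purpose: a keyword field matches
    case-sensitively, so "SentryPeer" in a filter does not select
    events tagged "Sentrypeer".
    """
    return set(observed) - types_in_query(query)


# Constructed sample data (shortened versions of the queries in this issue).
OLD_QUERY = 'type.keyword:"Cowrie" OR type.keyword:"Tanner" OR type.keyword:"Wordpot"'
FIXED_QUERY = OLD_QUERY + ' OR type.keyword:"Sentrypeer"'
KQL_QUERY = 'type : Cowrie Tanner Wordpot'
OBSERVED = {"Cowrie", "Sentrypeer", "Tanner"}  # types with indexed events

if __name__ == "__main__":
    for name, q in [("old", OLD_QUERY), ("fixed", FIXED_QUERY), ("kql", KQL_QUERY)]:
        gap = sorted(missing_types(q, OBSERVED))
        print(f"{name}: hidden from dashboard -> {gap or 'none'}")
```
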