From the observability and monitoring point of view of the infrastructure we are building, we should deploy Elasticsearch, Logstash, Kibana, and Filebeat to collect and analyze honeypot attack logs.
Requirements:
- Single-node Elasticsearch cluster (serving as the datastore and search engine)
- Logstash for parsing Cowrie JSON logs and filtering/enriching events
- Kibana for visualization
- Filebeat on the honeypot VM (as the log shipper/aggregator)
- Real-time log processing
Steps for Implementation:
- Deploy Elasticsearch with its configuration
- Configure the Logstash pipeline for honeypot logs
- Set up Kibana dashboards
- Install Filebeat on the honeypot VM
- Test the end-to-end log flow
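The following is an added example of the Logstash pipeline the steps above call for; it is not a configuration from this project. It assumes Logstash 8 with ECS compatibility enabled (the default), Filebeat shipping Cowrie's `cowrie.json` lines to port 5044 with the raw JSON in the `message` field, Elasticsearch on `localhost:9200`, and the Cowrie field names `eventid`, `src_ip` and `timestamp`; the index name `ecs-logstash-cowrie-*` is chosen here so that Logstash's bundled ECS index template (pattern `ecs-logstash-*`) maps `source.geo.location` as a `geo_point` for Kibana maps.

```logstash
# Added example pipeline (not the project's own configuration).
# Assumes: Logstash 8 (ECS mode), Filebeat -> port 5044, Cowrie JSON in "message".
input {
  beats {
    port => 5044
  }
}

filter {
  # Cowrie writes one JSON object per line; keep the decoded event under [cowrie]
  # so honeypot fields do not collide with ECS/Beats fields.
  json {
    source         => "message"
    target         => "cowrie"
    tag_on_failure => ["_cowrie_json_parse_failure"]
  }

  # Lines that are not valid JSON are kept (for investigation) but not enriched.
  if "_cowrie_json_parse_failure" not in [tags] {

    # Use Cowrie's own event time as @timestamp instead of the ingest time,
    # so the "logs appear within seconds" check measures real latency.
    date {
      match  => ["[cowrie][timestamp]", "ISO8601"]
      target => "@timestamp"
    }

    # Expose the attacker address under the ECS name and enrich it with GeoIP.
    # With target => "[source]" the plugin writes [source][geo][*] and [source][as][*].
    if [cowrie][src_ip] {
      mutate {
        copy => { "[cowrie][src_ip]" => "[source][ip]" }
      }
      geoip {
        source => "[source][ip]"
        target => "[source]"
      }
    }

    # Filtering: tag the events the dashboards care about most.
    if [cowrie][eventid] =~ /^cowrie\.login\./ {
      mutate { add_tag => ["login_attempt"] }
    }
    if [cowrie][eventid] == "cowrie.command.input" {
      mutate { add_tag => ["command"] }
    }

    # The raw line is now redundant with [cowrie]; drop it to save index space.
    mutate { remove_field => ["message"] }
  }
}

output {
  elasticsearch {
    hosts => ["http://localhost:9200"]
    index => "ecs-logstash-cowrie-%{+yyyy.MM.dd}"
  }
}
```

Two points to check when testing the end-to-end flow: run `bin/logstash --config.test_and_exit -f <pipeline>` to validate the syntax before starting, and confirm in Kibana that `source.geo.location` is mapped as `geo_point` (the GeoIP success criterion); if a custom index name outside `ecs-logstash-*` is used instead, an explicit index template with that mapping is needed or the map visualizations will not work.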
Criteria for success:
- Logs appear in Kibana within seconds
- GeoIP enrichment works (source location fields populated)
- Dashboards display attack data
- The system handles a high log volume (many events per minute)
This enables us to analyze attacks in real time and extract threat intelligence from honeypot logs, thereby improving our system.