Hello, world! Welcome to the HoneypotDB blog, our space for posting updates and sharing news 👋. Here we’ll be discussing the platform’s development progress, working through technical challenges together and sharing some of the initial intelligence we’ve found.
We’re currently working towards releasing an Alpha by the end of the year, so I invite you to check back every so often to see how far we’ve come and follow us on socials.
About the platform
At HoneypotDB, we’re building a cyber threat intelligence platform with a difference. We’re tackling the industry’s lack of reliable, actionable and high quality threat intelligence. Through a global network of honeypots, we monitor the real-time actions of cyber adversaries to analyse trends, find emerging threats and provide insights on how to best defend your
How we’re different
In contrast to traditional intelligence sources, our aim isn’t to scaremonger, cause a panic or just bolt another metric onto the CVSS score. Instead, we’re dedicated to assessing the actual real-world threat. Our intelligence is based on which vulnerabilities attackers and bots are actually targeting, along with their MITRE ATT&CK tactics, techniques, procedures and goals.
We’re creating a global network comprising thousands of honeypots running genuinely vulnerable software for actual CVEs (not emulations), deployed into the wild, with detection engines that interrogate the resulting network traffic, file system changes, processes and activity. We’ve built a framework that enables the rapid development and deployment of such honeypots, with the aim of going from CVE announcement to deployed honeypot within 24 hours.
Oh, and the best bit… all our data is 100% searchable. As a customer, you can query everything from TTP-related events down to individual network packets: terabytes of attack data at your fingertips, so you can check the evidence behind our intelligence and make some discoveries of your own!
Our capabilities
In our Alpha stage, we’re working on building out 4 core capabilities:
- 🔍 Search – Complete access to data captured from honeypots. Perform searches, visualise and investigate adversaries.
- 🌡️ Score – A reliable threat indicator reputation system driven by real malicious events mapped to their MITRE ATT&CK TTPs.
- 🦠 Malware – The capture, analysis and indexing of malware samples used in the wild by cyber adversaries. All of which are downloadable.
- 🚨 Monitor – Real-time rule-based alerting to monitor for changes in CVE activity, indicator activity, ATT&CK TTPs, trends and compromise.
Progress so far
Until recently, the HoneypotDB project has remained a spare-time curiosity, slowly building out infrastructure and core capabilities. With a renewed focus on development, we’re excited to share what we’ve built so far.
Infrastructure
For the curious, we’re driven by technologies like Elasticsearch, Kubernetes, Redis and MariaDB. Lots of time has been focused on the infrastructure behind HoneypotDB, building out Terraform configurations and Ansible playbooks to ensure everything runs smoothly.
We’re hard at work building out the technology that will enable continuous analysis of incoming data, and performing load tests to ensure the platform remains quick and accessible.
API Development
Our platform is entirely API-first: the API drives the web UI that users will interact with, as well as the integrations with SIEM/SOAR tools. We’re developing in Python 🐍 to enable rapid development and to take advantage of its widespread adoption in the industry.
We’re working hard to ensure our API is feature-rich, REST-compliant and has a complete OpenAPI 3.0 specification to make interfacing with it quick and easy. We’re also developing a Python SDK.
Our API isn’t live just yet, but our OpenAPI Spec is!
UI Development
Personally, I’d love to sit behind Insomnia and use HoneypotDB entirely through the API; JSON is beautiful (unlike XML). I do also like pretty dashboards and visuals, so we’re also building a powerful web UI.
Through the UI you’ll be able to do everything the API can, in addition to creating graphs, charts, metrics and dashboards. We’re creating a page that gives a complete point-in-time assessment of any CVE, TTP or indicator (IP addresses and hashes), detailing its real-world threat right now.
You can also explore our entire honeypot network, investigating which CVEs we have deployed, what they’re disguised as and where they are. Although, of course, some information will need to be kept secret 🤫. We’re also building a live attack map you can put on your SOC’s wall. That’s what those big screens are for, right? Unlike some other attack maps, ours will actually display live real-time data from captured attacks, no simulations here!
Honeypot Engine Development
A major component of the platform is our honeypot framework and engine. It’s not something that will be particularly visible to customers, but it plays a major part behind the scenes. Our engine has the capability to create a honeypot for a specific CVE, disguise it and deploy hundreds of copies of it across the globe within 24 hours.
We have a vision of an elastically scalable honeypot network, using intelligence and metrics to dynamically scale the types of honeypots deployed based on the attacks we’re receiving. We’re also planning to expand our honeypot engine’s capabilities to impersonate entire networks, workstations, networking equipment and IoT devices.
Plan for the future
The next few months at HoneypotDB are definitely going to be busy. We’re looking forward to releasing our Alpha by the end of the year, and have already begun growing the business, marketing and taking advantage of some schemes within the industry.
Our upcoming Alpha
We’re really excited about our Alpha release, and we hope you are too. We’re planning for the initial release to be completely free, available for anyone to sign-up and use. During this time, we’re looking to gather some feedback from the community, listening to ideas, finding what works and what doesn’t.
At a glance, our Alpha should include:
- 🍯 An initial network of honeypots capturing events for established CVEs
- 🔍 Access to our powerful search engine to interrogate all our initial data
- 🌡️ Point-in-time assessment and threat scoring
- ⚙️ API access and a powerful Python SDK
Where to follow
We hope you’re as excited about HoneypotDB as we are, and we look forward to you giving us a try later this year. In the meantime, we invite you to keep in touch via our various socials.
- Twitter (X)
- [LinkedIn](https://www.linkedin.com/company/honeypotdb/)
- GitHub
We’re also planning to post regular updates on our development progress on this blog. So keep us bookmarked, or watch out for the posts on socials. 🚀