HoneypotDB 2024.2 Release: What’s New and Improved

Brad King

Development Updates

It’s been an exciting month since the debut of HoneypotDB, where our beta testers have been hard at work exploring our web UI, Search API, and authentication APIs. Thanks to their invaluable feedback and bug reports, we’re thrilled to announce the release of HoneypotDB 2024.2!

What’s New in 2024.2

Bug Fixes and Improvements

Our latest release addresses several ‘first release’ issues and incorporates enhancements based on feedback from our beta testers and internal testing. Here are some key fixes and quality of life improvements:

Bug Fixes:

  • Search API: Fixed the issue where the Search API responded with invalid JSON if no filter arguments were provided but time range arguments were.
  • Profile Page: Resolved the issues with the ‘Request password reset’ button and ‘Expire API Key’ not working correctly.
  • Metadata Handling: Addressed the problem with honeypot metadata not being preserved properly.
  • Deployment Processes: Enhanced internal deployment processes with improved security measures and automation.

Quality of Life Improvements:

  • Search API Default Time Range: The Search API now has a default time range if none is provided.
  • Public API Documentation: Added comprehensive Swagger/OpenAPI documentation, accessible via Redoc at https://api.honeypotdb.com/docs.
  • UI Enhancements: Included alt text and helper labels to make UI elements more intuitive.

Introducing the Signals Schema

We’re particularly excited about the introduction of our ‘Signals Schema’ in this release. This standardized schema allows for the consistent representation of the complex and diverse signals collected from our honeypots.

Benefits of the Signals Schema:

  • Simplified Querying: The schema enables uniform querying of data from different honeypot types, architectures, CVEs, and technologies through both the UI and API.
  • Enhanced Intelligence: Internally, this schema streamlines our process of converting raw data into actionable intelligence, paving the way for our upcoming Score APIs and real-time attack kill chain generation.
  • Mapping MITRE ATT&CK TTPs: Our ingest engine now supports mapping MITRE ATT&CK Tactics, Techniques, and Procedures (TTPs) to the data collected from our low-interaction honeypots, laying the groundwork for future high-interaction, custom honeypots.

An example signal in our new schema is shown below, with dedicated objects for pot metadata and timestamps, plus a simple parsed signal with TTPs mapped and geolocation data for its source IP.

{
  "hpdb": {
    "pot": {
      "city": "Gunzenhausen",
      "country": "unknown",
      "host": "c1264715-5c6f-4101-b5e9-366c51fb3e4a",
      "lat": "0.0",
      "lon": "0.0"
    },
    "signal": {
      "command": {
        "args": "cd ~; chattr -ia .ssh; lockr -ia .ssh"
      },
      "id": "bde4e6f4-c35c-418a-b1b6-1a3851615a1a",
      "source": {
        "geolocation": {
          "geo": {
            "city_name": "Pak Kret",
            "continent_code": "AS",
            "country_iso_code": "TH",
            "country_name": "Thailand",
            "location": {
              "lat": 13.9181,
              "lon": 100.4974
            },
            "postal_code": "11120",
            "region_iso_code": "TH-12",
            "region_name": "Nonthaburi",
            "timezone": "Asia/Bangkok"
          },
          "ip": "61.7.241.146"
        },
        "ip": "61.7.241.146"
      },
      "ttps": [
        "T1078",
        "T1078.004"
      ]
    },
    "timestamp": {
      "ingest": "2024-07-31T14:31:33.890996Z",
      "original": "2024-07-31T14:31:25.278812Z"
    }
  }
}
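The following added example (not HoneypotDB's own code) shows how a consumer might flatten a signal in this schema into a record suited to triage or detection-rule writing. Field names come from the sample above; treating pot coordinates of 0.0/0.0 as "no location" is an assumption drawn from that sample, and `flatten_signal` is a hypothetical helper name.

```python
import json
import re
from datetime import datetime

# Trimmed copy of the example signal shown on this page (geolocation block omitted).
SAMPLE = json.loads("""
{"hpdb": {
  "pot": {"city": "Gunzenhausen", "country": "unknown",
          "host": "c1264715-5c6f-4101-b5e9-366c51fb3e4a", "lat": "0.0", "lon": "0.0"},
  "signal": {"command": {"args": "cd ~; chattr -ia .ssh; lockr -ia .ssh"},
             "id": "bde4e6f4-c35c-418a-b1b6-1a3851615a1a",
             "source": {"ip": "61.7.241.146"}, "ttps": ["T1078", "T1078.004"]},
  "timestamp": {"ingest": "2024-07-31T14:31:33.890996Z",
                "original": "2024-07-31T14:31:25.278812Z"}}}
""")

TTP_RE = re.compile(r"^T\d{4}(\.\d{3})?$")  # ATT&CK technique or sub-technique ID


def _ts(value):
    # fromisoformat() before Python 3.11 rejects a trailing "Z", so normalise it.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def flatten_signal(doc):
    """Reduce one signal document to a flat record (hypothetical helper)."""
    hpdb = doc["hpdb"]
    pot, sig, ts = hpdb["pot"], hpdb["signal"], hpdb["timestamp"]
    ttps = sig.get("ttps", [])
    bad = [t for t in ttps if not TTP_RE.match(t)]
    if bad:
        raise ValueError(f"malformed ATT&CK IDs: {bad}")
    # Assumption: the sample carries pot lat/lon as the strings "0.0"/"0.0"
    # beside country "unknown", so that pair is read as "no location".
    lat, lon = float(pot["lat"]), float(pot["lon"])
    return {
        "signal_id": sig["id"],
        "pot_host": pot["host"],
        "pot_location": None if (lat, lon) == (0.0, 0.0) else (lat, lon),
        "source_ip": sig["source"]["ip"],
        "command": sig.get("command", {}).get("args"),
        "techniques": sorted({t.split(".")[0] for t in ttps}),
        "sub_techniques": sorted(t for t in ttps if "." in t),
        "ingest_lag_s": (_ts(ts["ingest"]) - _ts(ts["original"])).total_seconds(),
    }


if __name__ == "__main__":
    print(json.dumps(flatten_signal(SAMPLE), indent=2))
```

The `ingest_lag_s` field makes delays between the honeypot observing an event and the platform ingesting it visible, which matters when correlating signals against other log sources.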

Other Updates

In addition to the technical improvements, we are pleased to announce that Neil Lathwood of PTX has joined the HoneypotDB team as our first investor. Neil brings a wealth of experience as a CTO, which will be invaluable as we continue to grow and refine our platform. Learn more in our recent blog post.

Finally, we’re excited to onboard another new beta tester. We haven’t made an official announcement yet, but stay tuned for more details!

Join the Beta to get access

We hope you’re as excited about the start of HoneypotDB as we are. Access to our current releases is exclusive to beta testers.

If you want to join our mission to fix Threat Intelligence, speak to us about becoming a HoneypotDB Beta Tester and signing up to our Beta Program.

We’re building a platform that captures real-world attacks for the latest CVEs to help analysts build detection rules and defenses.

We’re also planning to post regular updates on our development progress on this blog. So keep us bookmarked, or watch out for the post on socials. 

Disclaimers

The thumbnail photo of this post may have been generated using the Dall-E AI model.

The content of this post has been written by a human and may have been assisted by AI models for improvements in wording, structure and tone.