I like to enrich my honeypot data from a variety of sources to help understand a bit more about the context of the attack. This includes the types of networks the attacks are coming from or whether malware submitted to a honeypot is new. I use a variety of sources to enrich my cowrie data using cowrieprocessor [1]:

Article Link: Enrichment Data: Keeping it Fresh – SANS Internet Storm Center
