Logstash Parser & Dashboard Update

Published: 2020-06-28
Last Updated: 2020-06-28 11:54:46 UTC
by Guy Bruneau (Version: 1)

This is an update to the Logstash parser and dashboard published in January for Didier's honeypot script. The parser has been updated to follow the Elastic Common Schema (ECS) format and now parses more information from the honeypot logs, and the update includes revised and additional dashboards.

tcp-honeypot Log Analysis from Discover

tcp-honeypot Dashboard Summary

The tcp-honeypot parser file can be downloaded here and the dashboard JSON here.


Guy Bruneau IPSS Inc.
My Handler Page
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu

2 comment(s)


Looks nice! Is this or will this be integrated into the DShield honeypot?
This is not currently part of the DShield Honeypot; this is a different honeypot maintained by handler Didier Stevens.
