Add a new elasticsearch honeypot

adjust installer
adjust elasticpot configs to T-Pot's environment
create Dockerfile
adjust logstash config
update Readme
t3chn0m4g3
2020-06-17 18:09:59 +00:00
parent 739c7c1154
commit 2882668826
16 changed files with 425 additions and 28 deletions


@ -0,0 +1,31 @@
# ElasticPot Config
[MAIN]
# Manually set the externally accessible IP of the honeypot
ip = 192.168.1.1
[ELASTICPOT]
# ID pf the elasticpot instance
nodeid = elasticpot-community-01
# Location of the json logfile
logfile = log/elasticpot.log
# Set elasticpot = False to disable json logging and enable automatic attack submission to ews backend (soap)
elasticpot = True
[EWS]
# Note: Only relevant if "elasticpot = False"
# Username for ews submission
username = community-01-user
# Token for ews submission
token = foth{a5maiCee8fineu7
# API endpoint for ews submission
rhost_first = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage
# Ignore certificate warnings
ignorecert = false
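Review bot: The `[EWS]` section commits a submission `username` and `token` in clear text, so anyone who can read the repository, or an image built from it, can submit alerts to the `rhost_first` endpoint under this identity. If this is a deliberately shared community credential, say so in a comment above `token`, for example `# Shared community token, not a secret; replace username and token with your own for a private backend`. If it is not meant to be public, leave `token =` empty in the committed template and supply the value at deploy time from a file kept outside version control. Keeping `ignorecert = false` as the default is right, since the token is sent to a remote HTTPS endpoint. The hunk header declares 31 lines but only 21 are visible here, presumably because blank lines were dropped in rendering.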