I am very fond of ElasticSearch as a storage infrastructure and I do believe it is very useful for storing attack data, especially from honeypots. If you follow my blog, you would have seen my first attempts at transferring Kippo’s data to ElasticSearch, or creating Kibana dashboards to visualize SSH attacks. These eventually led to …
Tag Archive: Kibana
Jul 26 2014
HoneyDrive 3 Royal Jelly edition
Dear security enthusiasts, it’s been around one year and a half since the last release of HoneyDrive Desktop. Upon learning that my honeypots workshop has been accepted at BSides Las Vegas 2014, the thought of upgrading HoneyDrive has been greatly intensified in my mind, to the point that I decided to make it a reality! So, it …
Apr 28 2014
Kippo2ElasticSearch + Kibana update
The Kippo2ElasticSearch script has been updated and now creates proper entries with all attributes needed for each SSH login attempt. I have also included an exported Kibana dashboard file that you can import in your own instance and visualize the results. This is going to be very useful and it looks great. Please get/update by cloning/pulling from GitHub: https://github.com/ikoniaris/kippo2elasticsearch …
Mar 31 2014
Kippo attack heatmap in seconds using Kibana and Kippo2ElasticSearch
Continuing from my previous post, here is how to create an attack heat map in seconds using the same ElasticSearch + Kibana instance. First of all we have to download Maxmind’s GeoIP database. The general procedure is super easy (no need to do it): This will output a single GeoIP.dat file which is a binary …
Mar 30 2014
Transferring Kippo’s data to ElasticSearch
I have been investigating ElasticSearch and Kibana for some projects lately and I’ve come to appreciate the easiness of using the two pieces of software together for storing and visualizing data. This will be an introductory post to something bigger, but I just want to throw the idea out there: let’s transfer honeypot data to …