Enrichment data: keep it up to date (Friday 6 September)

I like to enrich my honeypot data with different sources to gain more insight into the context of the attack. This includes the types of networks the attacks are coming from or whether the malware being sent to a honeypot is new. I use different sources to enrich my cowrie data using cowrieprocessor (1):

This article is indexed from SANS Internet Storm Center, InfoCON: green
