Hi,
I was wondering whether I would be able to use Splunk Enterprise to set up monitoring of honeypot activities, or would Splunk Enterprise Security be necessary for this deployment?
I have also stumbled upon the Tango Honeypot Intelligence app, and would greatly appreciate it if anyone can provide any guidance to get started, as I am still a newbie to Splunk.
Thank you!
Here is a post I wrote about using Splunk Stream as a honeypot: https://answers.splunk.com/answers/794911/how-to-deploy-a-honeypot-using-splunk.html?childToView=794...
Hey! I'm the creator of the Tango honeypot Splunk app and can help you get started.
I'd start by following along with the GitHub README and see where that gets you - https://github.com/aplura/Tango
If you still can't get it working, please let me know of any issues at brian@nullsecure.org and I can help you figure it all out.