Splunk Enterprise Security

Can I use Splunk Enterprise to set up monitoring of a honeypot?

5plunked
Explorer

Hi,

Was wondering that would i be able to use Splunk Enterprise to set-up monitoring of a honeypot activities, or would Splunk Enterprise Security be necessary for this deployment?

I have also stumbled upon the Tango Honeypot Intelligence app, would greatly appreciate if anyone can provide any guidance to get started as I am still a newbie to Splunk.

Thank you!

0 Karma

marycordova
SplunkTrust
SplunkTrust

Here is a post I wrote about using Splunk Stream as a honeypot: https://answers.splunk.com/answers/794911/how-to-deploy-a-honeypot-using-splunk.html?childToView=794...

@marycordova
0 Karma

nullsecure
Engager

Hey! I'm the creator of the Tango honeypot Splunk app and can help you get started.

I'd start by following along with the github readme and see where that gets you - https://github.com/aplura/Tango

If you still can't get it working, please let me know of any issues at brian@nullsecure.org and I can help you figure it all out.

Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...