Closed JesseBowling closed 5 years ago
When generating these events on the honeypot instance:
uhp_1 | 2018-11-28T21:50:02+0000 10.10.10.10:43566 -> 172.25.0.2:2525 connect [] uhp_1 | 2018-11-28T21:50:05+0000 10.10.10.10:43566 -> 172.25.0.2:2525 recv [] HELO uhp_1 | 2018-11-28T21:50:14+0000 10.10.10.10:43566 -> 172.25.0.2:2525 recv [] HELO some.bad.guy uhp_1 | 2018-11-28T21:50:22+0000 10.10.10.10:43566 -> 172.25.0.2:2525 recv [] AUTH uhp_1 | 2018-11-28T21:50:57+0000 10.10.10.10:43566 -> 172.25.0.2:2525 recv [] AUTH LOGIN uhp_1 | 2018-11-28T21:51:22+0000 10.10.10.10:43566 -> 172.25.0.2:2525 disconnect []
This results in 5 events being logged to the CHN server dashboard. This is likely ok from a rich data perspective, but might perhaps be a bit noisy for parts of the ecosystem that only need summary data (CIF logging for instance).
Thoughts from the group?
When generating these events on the honeypot instance:
This results in 5 events being logged to the CHN server dashboard. This is likely ok from a rich data perspective, but might perhaps be a bit noisy for parts of the ecosystem that only need summary data (CIF logging for instance).
Thoughts from the group?