JTCyberTech / Cybersecurity-Home-Labs

Azure Sentinel Honeypot - READ ME #4

Open JTCyberTech opened 1 year ago

JTCyberTech commented 1 year ago

Description:

I will establish a cloud-based Security Information and Event Management (SIEM) system using Azure Sentinel, using a Virtual Machine to function as a honeypot. The honeypot serves as a deceptive system or network engineered to entice potential attackers, aiming to collect insights into their methodologies, strategies, and motives. This information aids cybersecurity professionals in gaining a deeper understanding of potential threats and bolstering defense mechanisms.

I will closely monitor the logs of attempted intrusions on the honeypot, particularly focusing on scrutinizing failed Remote Desktop Protocol (RDP) login attempts. Subsequently, I will present a visual representation of the geographic origins of these attackers on a world map, facilitating the analysis of attack source locations.

Setup Overview

Key Reasons for Implementing SIEM