OTRF / OSSEM

Open Source Security Events Metadata (OSSEM)
MIT License

Data dictionaries for the cowrie honeypot #96

Closed nicolasreich closed 3 years ago

nicolasreich commented 3 years ago

Hello, as mentioned in other issues, we are working on extending OSSEM coverage for different technologies we are using. One of them is the cowrie honeypot, for which we have reached what we think is a satisfying quality. Could you have a look and let us know whether it seems to match your standards? If so, we could then open a pull request.

The changes are in the cowrie data dictionaries as well as the markdown versions.

I wasn't able to regenerate the general data dictionary markdown README, the ossem_converter script crashes with FileNotFoundError: [Errno 2] No such file or directory: '.../source/data_dictionaries/aws/readme.yml' even though said file is present.

Cyb3rWard0g commented 3 years ago

This is awesome! Thank you very much @nicolasreich! I had not played with the honeypot, but I love to see those events getting documented. It would be very helpful for those also working with it.

I am not familiar with the schema, but it looks good to me. For the standardization part of the dictionaries, did you use the entities available here? That is just a representation of what we have in OSSEM-CDM, which is the sub-module where we cover a common data model: https://ossemproject.com/cdm/entities/intro.html

nicolasreich commented 3 years ago

We used the entities from the OSSEM-CDM submodule. If it looks good enough to you, I'll open a pull request next week!