hackern0v1c3 / CanaryPi

Startup project to create a simple-to-deploy, honeypot-style detection tool for alerting on common network attacks

Consolidate emails for port scanning attacks? #16

Open 7MinSec opened 4 years ago

7MinSec commented 4 years ago

Hi pal! :-)

Just got CanaryPi spun up in my fresh lab and it's working great. I did notice that when I do an nmap scan on the network, I get one email notification per port that was scanned, so: one notification for port 110 hit, another for port 143 hit, etc.

I think we might've Slack'd about this a while back, but could the email alert come in digests where maybe it consolidates the alerts and sends every 1-2 minutes in order to give something like a port scan time to finish?

Brian

7MinSec commented 4 years ago

Update: if the digest emails could be sent when attacks end it would be nice too.
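
The digest behaviour requested in this thread, as an added example that is not CanaryPi's own code: port hits are grouped per source IP and one alert is emitted once that source has been quiet for `quiet_secs` (the scan has ended) or the burst has lasted `max_window_secs`. The class and function names, the thresholds and the sample addresses are hypothetical.

```python
class PortScanDigest:
    """Buffers per-port hits by source IP and emits one digest per burst (hypothetical helper)."""

    def __init__(self, quiet_secs=60, max_window_secs=120):
        self.quiet_secs = quiet_secs            # silence that marks the scan as finished
        self.max_window_secs = max_window_secs  # upper bound so a slow scan still alerts
        self._bursts = {}                       # src_ip -> {"first", "last", "ports"}

    def record(self, src_ip, port, ts):
        """Register one port hit observed at time ts (seconds)."""
        burst = self._bursts.setdefault(src_ip, {"first": ts, "last": ts, "ports": set()})
        burst["last"] = max(burst["last"], ts)
        burst["ports"].add(port)

    def flush(self, now):
        """Return digests for bursts that have gone quiet or reached the window cap."""
        digests = []
        for src_ip in list(self._bursts):
            b = self._bursts[src_ip]
            ended = now - b["last"] >= self.quiet_secs
            capped = now - b["first"] >= self.max_window_secs
            if ended or capped:
                digests.append({"src_ip": src_ip, "ports": sorted(b["ports"]),
                                "first_seen": b["first"], "last_seen": b["last"],
                                "reason": "scan ended" if ended else "window cap"})
                del self._bursts[src_ip]  # next hit from this source starts a new burst
        return digests

def format_digest(d):
    """Render one digest as a single alert line for the email body."""
    ports = ", ".join(str(p) for p in d["ports"])
    return (f"Port scan from {d['src_ip']}: {len(d['ports'])} ports ({ports}) "
            f"over {d['last_seen'] - d['first_seen']:.0f}s [{d['reason']}]")

def demo():
    """Constructed sample: one host sweeps three ports quickly, another probes slowly."""
    agg = PortScanDigest(quiet_secs=60, max_window_secs=120)
    for ts, ip, port in [(0, "192.0.2.10", 110), (1, "192.0.2.10", 143),
                         (2, "192.0.2.10", 25), (0, "192.0.2.20", 22)]:
        agg.record(ip, port, ts)
    early = agg.flush(now=30)    # neither source is quiet yet, so no email goes out
    for ts, ip, port in [(50, "192.0.2.20", 23), (100, "192.0.2.20", 80)]:
        agg.record(ip, port, ts)
    later = agg.flush(now=125)   # first host went quiet; second hit the window cap
    return early, [format_digest(d) for d in later]

if __name__ == "__main__":
    for line in demo()[1]:
        print(line)
```

Calling `flush()` from a periodic timer and passing each returned line to the existing mail routine yields one message per scan instead of one per port.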