Open pouyiouk opened 5 years ago
After implementing the solution provided in pull request #698, Honeymap doesn't display any of the Suricata attacks.
UPDATE: Loads of attacks on backend but Suricata, pof, cowrie, amun attacks don't show on HoneyMap
I tried implementing #698 also, to get the country flags working, but nothing shows up on my Honeymap still. It appears that the attacks no longer show up either on the attacks page from cowrie. I can still replay the attacks from the cowrie on the cowrie honeypot, but it's not showing up on the H server for some reason.
Went back to the old utils.py and attacks are showing up again, however without the country flag, and the map is still not showing anything.
Don't know what happened. Made the fix work for the flags, but I'm not sure why the map isn't working.
After restarting the servers, my conpot is also no longer showing on the map. Getting lots of attacks on the attacks page on both cowrie and conpot still, but nothing shows on the map anymore.
I think I have the same issue. I have a Cowrie sensor that does not show up on the map and a Dionaea that does not show up. I added Snort to the same honeypot as Dionaea and the Snort sigs do show on the map. If I stop the Snort process on the Dionaea honeypot I get nothing at all on the map.
I have deployed a physical server from my home and I exposed it to the internet using DMZ. I am able to access the server login page and the map. I set up 4 VMs using the Azure service for honeypots to record attacks. Everything works perfectly fine. I am facing an issue though. The map shows only some of the attacks happening and not all of them. Please see attached images for more information.
echo "127.0.0.1 geospray.threatstream.com" >> /etc/hosts
to update the IP geolocation service.
3. Running sudo supervisorctl status
everything is working perfectly fine.
geoloc RUNNING pid 15199, uptime 2:55:32
honeymap RUNNING pid 15197, uptime 2:55:32
hpfeeds-broker RUNNING pid 15208, uptime 2:55:32
mhn-celery-beat RUNNING pid 15196, uptime 2:55:32
mhn-celery-worker RUNNING pid 15206, uptime 2:55:32
mhn-collector RUNNING pid 15207, uptime 2:55:32
mhn-uwsgi RUNNING pid 15205, uptime 2:55:32
mnemosyne RUNNING pid 15551, uptime 2:33:01
4. I also checked that the backend receives packets with:

sudo tcpdump -A -nnNN 'tcp port 3000' | grep -o '\{.*' --line-buffered
5. Inspecting the Honeymap page, I found out that there is an issue with one of the JavaScript files and specifically the map fails to get a RegionName.
6. Geolocating and reverse looking up the undefined IPs, I was able to pinpoint them to Pakistan, China, Japan, Indonesia, Brazil, Spain etc.
7. Honeypot sensors: Snort, Conpot, Shockpot, Cowrie
Does anyone know any workaround? As I am running Ubuntu Linux I don't have access to a GUI, apart from the web service. Any help is greatly appreciated.