telekom-security / tpotce

🍯 T-Pot - The All In One Multi Honeypot Platform 🐝
GNU General Public License v3.0

Notifications #204

Closed packet808 closed 6 years ago

packet808 commented 6 years ago

Hi Tpot Team,

Does the latest version, 17, have a notifications or alert functionality?

Your reply is much appreciated.

t3chn0m4g3 commented 6 years ago

No.

packet808 commented 6 years ago

Do you think you would consider having alerts or notifications in the next version, which is 18?

Thank you for the quick response.

t3chn0m4g3 commented 6 years ago

No, since almost everyone wants to use a different alert method (eMail, Syslog, SMS, Pagerduty, Pushover, ...) and it can also be easily achieved if you mount a modified logstash.conf into the logstash container. There are tons of output plugins available for logstash, which should meet all your alerting requirements.

t3chn0m4g3 commented 6 years ago

Example for conditional logstash.conf output section:

# Output section
output {
  elasticsearch {
    hosts => ["localhost:9200"]
  }

  # Debug output
  #stdout {
  #  codec => rubydebug
  #}

  # Example for conditional output using alerta-cli (http://alerta.io/)
  # Of course you can also modify to transmit events to Splunk, Hipchat or anything of your liking
  #if [type] == "ConPot" {
  #  exec {
  #    command => "alerta --endpoint-url http://<ip>:<port>/api send -r <host>-Conpot -e Alert -E Production -S Conpot -s major -t <ip>"
  #  }
  #}
  #if [type] == "Cowrie" {
  #  exec {
  #    command => "alerta --endpoint-url http://<ip>:<port>/api send -r <host>-Cowrie -e Alert -E Production -S Cowrie -s major -t <ip>"
  #  }
  #}
  #if [type] == "Dionaea" {
  #  exec {
  #    command => "alerta --endpoint-url http://<ip>:<port>/api send -r <host>-Dionaea -e Alert -E Production -S Dionaea -s major -t <ip>"
  #  }
  #}
  #if [type] == "ElasticPot" {
  #  exec {
  #    command => "alerta --endpoint-url http://<ip>:<port>/api send -r <host>-Elasticpot -e Alert -E Production -S Elasticpot -s major -t <ip>"
  #  }
  #}
  #if [type] == "eMobility" {
  #  exec {
  #    command => "alerta --endpoint-url http://<ip>:<port>/api send -r <host>-eMobility -e Alert -E Production -S eMobility -s major -t <ip>"
  #  }
  #}
  #if [type] == "Glastopf" {
  #  exec {
  #    command => "alerta --endpoint-url http://<ip>:<port>/api send -r <host>-Glastopf -e Alert -E Production -S Glastopf -s major -t <ip>"
  #  }
  #}
  #if [type] == "Honeytrap" {
  #  exec {
  #    command => "alerta --endpoint-url http://<ip>:<port>/api send -r <host>-Honeytrap -e Alert -E Production -S Honeytrap -s major -t <ip>"
  #  }
  #}
}
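
An added worked example (not the maintainer's snippet above and not part of T-Pot) showing the mail-alert variant of the same idea with a rate limit, so one noisy scanner does not flood the mailbox. Only [type] comes from the thread; the src_ip field, the SMTP settings and the addresses are assumptions to adapt to your own logstash.conf.

```logstash
# Added example, not from the thread or the T-Pot project.
# Assumptions: events carry a src_ip field; SMTP relay and addresses are placeholders.
filter {
  # Count Cowrie events per source IP. The first event in each 5-minute window
  # passes untagged; every further event from the same IP gets tagged "throttled".
  if [type] == "Cowrie" {
    throttle {
      key          => "%{src_ip}"
      before_count => -1
      after_count  => 1
      period       => 300
      max_age      => 600
      add_tag      => "throttled"
    }
  }
}

output {
  # Keep indexing everything as before.
  elasticsearch {
    hosts => ["localhost:9200"]
  }

  # Mail only the Cowrie events that passed the throttle.
  if [type] == "Cowrie" and "throttled" not in [tags] {
    email {
      address   => "smtp.example.org"       # assumption: your SMTP relay
      port      => 587
      use_tls   => true
      username  => "alerts@example.org"
      password  => "${SMTP_PASSWORD}"       # read from the environment, not hard-coded
      from      => "tpot@example.org"
      to        => "soc@example.org"
      subject   => "T-Pot: Cowrie event from %{src_ip}"
      body      => "Honeypot: %{type}\nSource: %{src_ip}\nTime: %{@timestamp}"
    }
  }
}
```

The email output plugin is not necessarily bundled in every logstash image; if it is missing, `bin/logstash-plugin install logstash-output-email` adds it inside the container.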

martinghost62 commented 5 years ago

Where is the logstash.conf file?

TDanny commented 1 year ago

I created a manual on how to create and configure mail alerts for T-Pot:

https://github.com/TDanny/Honeypot-Realtime-Mail-Alert-project

Enjoy, I hope you will find it useful.