Page 52 - Cyber Warnings

Once launched, a honeypot can attract attention in mere seconds. Blinking red dots, correlated
with IP geography, are scattered across the MHN global map. It visualizes the bad bees buzzing
around the new, exposed hive, the yellow beacon. All the while, those bees are revealing
source IP, destination ports, signatures, protocols and more, in a detailed, scrolling log at the
bottom of the map.


































MHN examines HPfeeds flowing from the sensors, extracts information about the attacker, and
collects metadata about the type of honeypot that was attacked.

The collective brain power of open source tools, including mnemosyne, honeymap, MongoDB,
Dionaea, Conpot, Snort, Suricata and Kippo, among others, is used to gather, organize, analyze
and store threat intelligence.

When users designate sharing, that information is funneled to the MHN community hub. MHN
provides a full REST API out of the box.

CEF and STIX support are available for direct SIEM integration through ThreatStream’s
commercial platform, Optic. MHN also generates user-friendly reports that support attack trend
analysis. (The crowd-favorite report tends to be the list of most easily compromised passwords.)

You are creating—and watching—cyber vapor, the trail of evidence left behind by the adversary.
This is a hack attack in action.






52 Cyber Warnings E-Magazine – March 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
