Author: Rufo De Francisco

  • Honeypot Installation Revisited: Ditching Splunk for MySQL

    Back on July 22, 2023, I wrote a blog post describing how to install the Cowrie honeypot and use Splunk Enterprise as its data repository. Although proprietary, Splunk is free if you keep your data volume under 500 MB per day. That solution worked fine for about six months, but then one day the honeypot…

  • Normalizing the Cowrie Feed

    Last week we took a look at the Cowrie feed. It’s made of a set of events and fields that, combined together, provide information useful in understanding patterns of cyberattack behavior, particularly those associated with brute-force attempts, as well as port and IP address scans. As a heterogeneous feed, the list of fields varies according…

  • Understanding the Cowrie Feed

    As I mentioned in a previous blog, Cowrie is a fantastic, easy-to-use honeypot. It captures useful information on port scans and brute-force attempts over SSH and Telnet. This information is provided as an event-based feed. The entries (basically, sets of fields) in the feed are not normalized. This means that entries capture different information, based…

  • Laying Out the Honey: Installing and Configuring a Honeypot

    Cybersecurity — the body of knowledge and practices to defend internet-connected devices and products from malicious attacks by hackers, spammers, and cybercriminals — is very important to me. I conduct research into patterns of behavior, tactics, techniques, and procedures used in attacks. I run honeypots to understand how hackers evolve their attack practices. A honeypot…