Artillery Honeypot
When you configure Binary Defense Artillery Honeypot to send log data to USM Appliance, you can use the Artillery Honeypot plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin.
Device | Details |
---|---|
Vendor | Binary Defense |
Device Type | Honeypot |
Connection Type | Syslog |
Data Source Name | Artillery |
Data Source ID | 1914 |
Integrating Artillery Honeypot
Before you configure the Artillery Honeypot integration, you must have the IP address of the USM Appliance Sensor.
To configure Artillery Honeypot to send syslog messages to USM Appliance
Edit the Artillery Honeypot config file, located in your Artillery Honeypot project folder, as follows:
```
# Specify SYSLOG TYPE to be local, file or remote. LOCAL will pipe to syslog, REMOTE will pipe to remote SYSLOG, and file will send to alerts.log in local artillery directory
SYSLOG_TYPE="REMOTE"
#
# IF YOU SPECIFY SYSLOG TYPE AS REMOTE, SPECIFY A REMOTE SYSLOG SERVER TO SEND ALERTS TO
SYSLOG_REMOTE_HOST="<USM Appliance_IP_ADDRESS>"
```
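To confirm the edit, the following added example (not part of the vendor or plugin documentation) checks the two settings shown above in a config file and flags a placeholder that was left unedited. The helper names are hypothetical, and it assumes the sensor is addressed by IPv4 and that values use the KEY="value" form shown.

```shell
#!/bin/sh
# Added example: check the two Artillery config settings this page changes.
# cfg_value, is_ipv4 and check_artillery_syslog are hypothetical helper names.

# Print the value of the last uncommented KEY="value" line for key $1 in file $2.
cfg_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$2" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Succeed only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Return 0 when the file forwards alerts to a remote syslog host, 1 on a bad
# setting, 2 when the file cannot be read. Problems are reported on stderr.
check_artillery_syslog() {
    cfg=$1; rc=0
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    syslog_type=$(cfg_value SYSLOG_TYPE "$cfg")
    syslog_host=$(cfg_value SYSLOG_REMOTE_HOST "$cfg")
    # Assumption: expect the exact spelling this page uses for the value.
    if [ "$syslog_type" != "REMOTE" ]; then
        echo "SYSLOG_TYPE is '$syslog_type', expected REMOTE" >&2; rc=1
    fi
    # Catches a missing key and the unedited <...> placeholder alike.
    if ! is_ipv4 "$syslog_host"; then
        echo "SYSLOG_REMOTE_HOST '$syslog_host' is not an IPv4 address" >&2; rc=1
    fi
    return "$rc"
}

# Constructed sample config; 192.0.2.10 is a documentation-range placeholder.
sample=$(mktemp)
printf '%s\n' '# SYSLOG_TYPE="FILE"' 'SYSLOG_TYPE="REMOTE"' \
    'SYSLOG_REMOTE_HOST="192.0.2.10"' > "$sample"
check_artillery_syslog "$sample" && echo "syslog forwarding settings look correct"
rm -f "$sample"
```

Call `check_artillery_syslog` with the path to your own Artillery config file; a non-zero exit status means alerts will not reach the sensor as configured.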
Plugin Enablement
For plugin enablement information, see Enable Plugins.
Additional Resources and Troubleshooting
https://github.com/BinaryDefense/artillery
https://github.com/BinaryDefense/artillery/blob/master/src/config.py
For troubleshooting, see the vendor documentation.