When you configure Binary Defense Artillery Honeypot to send log data to USM Appliance, you can use the Artillery Honeypot plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:
|Data Source Name||Artillery|
|Data Source ID||1914|
Integrating Artillery Honeypot
Before you configure the Artillery Honeypot integration, you must have the IP Address of the USM Appliance Sensor.
To configure Artillery Honeypot to send Syslog messages to USM Appliance
Edit the Artillery Honeypot config file, located in your Artillery Honeypot project folder, as follows:
# Specify SYSLOG TYPE to be local, file or remote. LOCAL will pipe to syslog, REMOTE will pipe to remote SYSLOG, and file will send to alerts.log in local artillery directory
# IF YOU SPECIFY SYSLOG TYPE AS REMOTE, SPECIFY A REMOTE SYSLOG SERVER TO SEND ALERTS TO
For plugin enablement information, see Enable Plugins.
Additional Resources and Troubleshooting
For troubleshooting, see the vendor documentation.