Skip to content

collect logs and alerts from 27 honeypots and send it to backed (eg peba, geba), hpfeeds, influxdb or jSON file.

License

Notifications You must be signed in to change notification settings

telekom-security/ewsposter

Repository files navigation

EWSPOSTER

EWSPoster is a tool, written in Python to, to collect logs and alers from differents honeypots (eq Glastopf v3, Dionaea, Honeytrap, eMobility, Conpot, Cowrie, Elasticpot, Rdpy, Mailoney, Vnclowpot, Heralding, Ciscoasa, Tanner, Snare, Glutton, Honeysap, Adbhoney, Ipphoney, Dicompot, Medpot, Honeypy, Citrixhoneypot, redishoneypot, endlessh), sentrypeer, log4pot also network IDS (eg Suricata, Fatt) and transmit them to InfluxDb, JSON, Hpfeed or an Honeypot backend (eg Peba or Geba).

Requirements

You need to install the libarys list in requirements.txt

pip3 install -r requirements.txt

Usage

Take a look at the usage text.

./ews.py -h
usage: ews.py [-h] [-c CONFIGPATH] [-v] [-d] [-l LOOP]
          [-m {glastopfv3,dionaea,honeytrap,emobility,conpot,cowrie,elasticpot,suricata,rdpy,mailoney,
               vnclowpot,heralding,ciscoasa,tanner,glutton,honeysap,adbhoney,fatt,ipphoney,dicompot,
               medpot,honeypy,citrix,redishoneypot,endlessh,sentrypeer,log4pot}]
          [-s] [-i] [-S] [-E] [-j JSONPATH] [-L SENDLIMIT] [-V]

optional arguments:
   -h, --help                                  show this help message and exit
   -c CONFIGPATH, --configpath CONFIGPATH      Load configuration file from Path
   -v, --verbose                               set output verbosity
   -d, --debug                                 set output debug
   -l LOOP, --loop LOOP                        endless loop. Set {xx} for seconds to wait for next loop
   -m, --modul {glastopfv3, dionaea,           only send alerts for this modul
               honeytrap, emobility,
               conpot, cowrie, elasticpot,
               suricata, rdpy, mailoney,
               vnclowpot, heralding,
               ciscoasa, tanner, glutton,
               honeysap, adbhoney, fatt,
               ipphoney, dicompot, medpot,
               honeypy, citrix, redishoneypot,
               endlessh, sentrypeer, log4pot}
   -s, --silent                                silent mode without output
   -i, --ignorecert                            ignore certificate warnings
   -S, --sendonly                              only send unsend alerts
   -E, --ewsonly                               only generate ews alerts files
   -j JSONPATH, --jsonpath JSONPATH            write JSON output file to path
   -L SENDLIMIT, --sendlimit SENDLIMIT         set {xxx} for max alerts will send in one session
   -V, --version                               show the EWS Poster Version

Configuration

Take a look at the example ews.cfg.default and copy it via

cp ews.cfg.default ews.cfg