Enterprise-ready Honeypot-as-a-Service with Real-Time Log Analysis
T-Pot is an all-in-one multi-honeypot platform combining containers of popular honeypot daemons (e.g., Cowrie, Dionaea, Mailoney, and more) integrated with an ELK stack for real-time data visualization. This document details the secure deployment of T-Pot on Vultr Cloud and analysis of attack patterns.
- Requirements
- Step 1: Cloud Provisioning (Vultr)
- Step 2: Installing T-Pot Honeypot
- Step 3: Accessing Kibana Dashboard
- Step 4: Log Analysis & Attack Insights
- Step 5: Hardening & Monitoring
- Learning Outcomes
- References
Requirements
- Vultr account
- 1 VM (Recommended: Ubuntu 20.04 LTS, 8 GB RAM, 100 GB SSD, 1 IPv4)
- Static IP (Auto-assigned by Vultr)
- Domain (Optional) for remote access
- SSH client (e.g., OpenSSH, PuTTY)
- Git, Docker knowledge preferred
Step 1: Cloud Provisioning (Vultr)
- Log in to the Vultr Dashboard
- Deploy a Compute Instance
  - OS: Ubuntu 20.04 x64
  - Server Type: Shared cloud
  - Region: Prefer a region near you
  - IPv4: Enabled
- Choose:
  - RAM: Minimum 8 GB
  - Storage: 100 GB SSD
  - I chose (8 GB, 160 GB SSD, 4 cores)
- Click Deploy Now
- Once deployed, get the IP address and set up SSH:
ssh root@<your-server-ip>
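
After logging in, the instance can be checked against the Requirements list (Ubuntu 20.04, 8 GB RAM, 100 GB SSD) before T-Pot is installed. The script below is an added example, not part of the original guide or the T-Pot project; the function names and the tolerance margins are assumptions.

```bash
#!/bin/sh
# Added example: preflight check of a fresh VM against this page's
# Requirements list. Function names are hypothetical.

# Thresholds sit below the nominal plan sizes because the kernel and the
# filesystem reserve part of what the provider sells (assumed margins).
MIN_MEM_KB=$((7 * 1024 * 1024))     # accept ~7 GiB visible on an "8 GB" plan
MIN_DISK_KB=$((90 * 1024 * 1024))   # accept ~90 GiB visible on a "100 GB" disk

# check_os FILE: succeed if FILE (os-release format) describes Ubuntu 20.04
check_os() {
    id=$(sed -n 's/^ID=//p' "$1" | tr -d '"')
    ver=$(sed -n 's/^VERSION_ID=//p' "$1" | tr -d '"')
    [ "$id" = "ubuntu" ] && [ "$ver" = "20.04" ]
}

# check_mem FILE: succeed if MemTotal in FILE (meminfo format) is large enough
check_mem() {
    kb=$(awk '/^MemTotal:/ {print $2}' "$1")
    [ -n "$kb" ] && [ "$kb" -ge "$MIN_MEM_KB" ]
}

# check_disk KB: succeed if a filesystem size given in 1K blocks is large enough
check_disk() {
    [ -n "$1" ] && [ "$1" -ge "$MIN_DISK_KB" ]
}

# root_size_kb: total size of the root filesystem in 1K blocks
root_size_kb() {
    df -Pk / | awk 'NR==2 {print $2}'
}

# preflight [OS_FILE] [MEMINFO_FILE] [DISK_KB]: run all checks and report every
# failure. Arguments default to the live system; they exist so the checks can
# be exercised against constructed sample files.
preflight() {
    rc=0
    check_os "${1:-/etc/os-release}" || { echo "FAIL: OS is not Ubuntu 20.04"; rc=1; }
    check_mem "${2:-/proc/meminfo}" || { echo "FAIL: RAM below the 8 GB minimum"; rc=1; }
    check_disk "${3:-$(root_size_kb)}" || { echo "FAIL: root disk below 100 GB"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: instance matches the listed requirements"
    return "$rc"
}
```

Source the file on the new instance and run `preflight` with no arguments to check the live system.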