[Script request] Deceptifeed #3864
Unanswered
jwgn asked this question in Request script
Replies: 0 comments
Application Name
Deceptifeed
Website
https://github.com/r-smith/deceptifeed
Description
Deceptifeed is a honeypot and threat feed server. It runs multiple deceptive network services (honeypots), while the threat feed lists IP addresses that have interacted with the honeypots. Additionally, Deceptifeed provides real-time visibility into honeypot activity, allowing you to monitor logs and interactions as they occur.
When an IP address interacts with a fake server on your network, why should it be allowed to access your real servers? Deceptifeed helps you build an automated defense system to reduce such risks. In a typical deployment, it runs alongside your real servers. The honeypots are exposed to the internet, while the threat feed remains private for use with your internal tools.
Most enterprise firewalls support ingesting threat feeds. By pointing to Deceptifeed, your firewall can automatically block IP addresses that interact with the honeypots. For other security tools, the threat feed is available in several formats, including plain text, CSV, JSON, and TAXII.
Due Diligence