anti/DECNET
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
201d246c0780e32bd551efb9fd37336a5fc0beda
DECNET/development/EVENTS.md

5.0 KiB
Raw Blame History

DECNET Honeypot Events

This document details the events generated by each DECNET honeypot service, as found in their respective server.py files.

Service: docker_api

Event Type Included Fields
request method, path, remote_addr, body
startup None

Service: elasticsearch

Event Type Included Fields
startup None
post_request src, method, path, body_preview, user_agent
put_request src, method, path, body_preview
delete_request src, method, path
head_request src, method, path
root_probe src, method, path
cat_api src, method, path
cluster_recon src, method, path
nodes_recon src, method, path
security_probe src, method, path
request src, method, path

Service: ftp

Event Type Included Fields
startup None
connection src_ip, src_port
user username
auth_attempt username, password
download_attempt path
disconnect src_ip, src_port

Service: http

Event Type Included Fields
request method, path, remote_addr, headers, body
startup None

Service: imap

Event Type Included Fields
startup None
connect src, src_port
disconnect src
auth src, username, password
command src, cmd

Service: k8s

Event Type Included Fields
request method, path, remote_addr, auth, body
startup None

Service: ldap

Event Type Included Fields
startup None
connect src, src_port
bind src, dn, password
disconnect src

Service: llmnr

Event Type Included Fields
startup None
query proto, src, src_port, name, qtype
raw_packet proto, src, data, error

Service: mongodb

Event Type Included Fields
startup None
connect src, src_port
message src, opcode, length
disconnect src

Service: mqtt

Event Type Included Fields
startup None
connect src, src_port
disconnect src
auth src
packet src, pkt_type

Service: mssql

Event Type Included Fields
startup None
connect src, src_port
disconnect src
auth src, username
unknown_packet src, pkt_type

Service: mysql

Event Type Included Fields
startup None
connect src, src_port
disconnect src
auth src, username

Service: pop3

Event Type Included Fields
startup None
connect src, src_port
disconnect src
user src, username
auth src, username, password
command src, cmd

Service: postgres

Event Type Included Fields
startup None
connect src, src_port
startup src, username, database
auth src, pw_hash
disconnect src

Service: rdp

Event Type Included Fields
startup None
connection src_ip, src_port
data src_ip, src_port, bytes, hex
disconnect src_ip, src_port

Service: redis

Event Type Included Fields
startup None
connect src, src_port
command src, cmd, args
disconnect src
auth src, password

Service: sip

Event Type Included Fields
request src, src_port, method, from_, to, username, auth
startup None

Service: smb

Event Type Included Fields
startup None
shutdown None

Service: smtp

Event Type Included Fields
startup None
connect src, src_port
disconnect src
ehlo src, domain
auth_attempt src, command
mail_from src, value
rcpt_to src, value
vrfy src, value
unknown_command src, command

Service: snmp

Event Type Included Fields
startup None
get_request src, src_port, version, community, oids
parse_error src, error, data

Service: tftp

Event Type Included Fields
startup None
request src, src_port, op, filename, mode
unknown_opcode src, opcode, data

Service: vnc

Event Type Included Fields
startup None
connect src, src_port
disconnect src
version src, client_version
security_choice src, type
auth_response src, response
Reference in New Issue View Git Blame Copy Permalink