anti/DECNET
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
a4798946c10d7ae6c7f7bc0c993ac00c7a43c7c9
DECNET/decnet
History
anti a4798946c1 fix: add remote_addr to IP field lookup so http/https/k8s events are attributed correctly 
Templates for http, https, k8s, and docker_api log the client IP as
remote_addr (Flask's request.remote_addr) instead of src_ip. The collector
and correlation parser only checked src_ip/src/client_ip/remote_ip/ip, so
every request event from those services was stored with attacker_ip="Unknown"
and never associated with any attacker profile.

Adding remote_addr to _IP_FIELDS in both collector/worker.py and
correlation/parser.py fixes attribution. The profiler cursor was also reset
to 0 so the worker performs a cold rebuild and re-ingests existing events with
the corrected field mapping.
2026-04-15 17:23:33 -04:00
..
collector
fix: add remote_addr to IP field lookup so http/https/k8s events are attributed correctly
2026-04-15 17:23:33 -04:00
correlation
fix: add remote_addr to IP field lookup so http/https/k8s events are attributed correctly
2026-04-15 17:23:33 -04:00
engine
feat: add component-aware RFC 5424 application logging system
2026-04-13 07:39:01 -04:00
logging
feat: add component-aware RFC 5424 application logging system
2026-04-13 07:39:01 -04:00
mutator
feat: add component-aware RFC 5424 application logging system
2026-04-13 07:39:01 -04:00
prober
chore: fix ruff lint errors, bandit suppressions, and pin pip>=26.0
2026-04-14 17:32:18 -04:00
profiler
fix: serialize HTTP headers as JSON so tool detection and bounty extraction work
2026-04-15 17:03:52 -04:00
services
feat: fleet-wide MACVLAN sniffer microservice
2026-04-14 15:02:34 -04:00
sniffer
feat: add advanced OS fingerprinting via p0f integration
2026-04-15 12:51:17 -04:00
web
fix: serialize HTTP headers as JSON so tool detection and bounty extraction work
2026-04-15 17:03:52 -04:00
__init__.py
Initial commit: DECNET honeypot/deception network framework
2026-04-03 18:56:25 -03:00
archetypes.py
refactor(ssh): consolidate real_ssh into ssh, remove duplication
2026-04-11 19:51:41 -04:00
cli.py
refactor: enhance CLI with improved service registration and deployment
2026-04-15 12:50:53 -04:00
composer.py
feat: fleet-wide MACVLAN sniffer microservice
2026-04-14 15:02:34 -04:00
config.py
feat: centralize microservice logging to DECNET_SYSTEM_LOGS (default: decnet.system.log)
2026-04-15 16:23:28 -04:00
custom_service.py
Add per-service customization, stealth hardening, and BYOS support
2026-04-04 04:08:27 -03:00
distros.py
fix: stabilize tests with synchronous DB init and handle Bandit security findings
2026-04-09 01:33:15 -04:00
env.py
feat: centralize microservice logging to DECNET_SYSTEM_LOGS (default: decnet.system.log)
2026-04-15 16:23:28 -04:00
fleet.py
feat: fleet-wide MACVLAN sniffer microservice
2026-04-14 15:02:34 -04:00
ini_loader.py
fix: align tests with model validation and API error reporting
2026-04-13 01:43:52 -04:00
models.py
fix: align tests with model validation and API error reporting
2026-04-13 01:43:52 -04:00
network.py
fix: stabilize tests with synchronous DB init and handle Bandit security findings
2026-04-09 01:33:15 -04:00
os_fingerprint.py
feat(os_fingerprint): Phase 2 — add icmp_ratelimit + icmp_ratemask sysctls
2026-04-10 16:41:23 -04:00