Sheriff CSM™

Artillery Honeypot

When you configure Binary Defense Artillery Honeypot to send log data to Sheriff CSM, you can use the Artillery Honeypot plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:

Plugin Information

Device              Details
Vendor              Binary Defense
Device Type         Honeypot
Connection Type     Syslog
Data Source Name    Artillery
Data Source ID      1914

Integrating Artillery Honeypot

Before you configure the Artillery Honeypot integration, you must have the IP Address of the Sheriff CSM Sensor (Deputy).

To configure Artillery Honeypot to send Syslog messages to Sheriff CSM

Edit the Artillery Honeypot config file, located in your Artillery Honeypot project folder, as follows:

# Specify SYSLOG TYPE to be local, file or remote. LOCAL will pipe to syslog, REMOTE will pipe to remote SYSLOG, and file will send to alerts.log in local artillery directory
SYSLOG_TYPE="REMOTE"
#
# IF YOU SPECIFY SYSLOG TYPE AS REMOTE, SPECIFY A REMOTE SYSLOG SERVER TO SEND ALERTS TO
SYSLOG_REMOTE_HOST="<Sheriff_CSM_IP_ADDRESS>"
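
The following Python check is an added example, not code from Sheriff CSM or the Artillery project. It parses the two settings shown above and reports values that would keep honeypot alerts from reaching the sensor; the function names and the sample address 192.0.2.10 are assumptions made for illustration.

```python
import ipaddress
import re

# Artillery-style KEY="VALUE" lines; lines starting with '#' are comments.
_SETTING = re.compile(r'^\s*([A-Z0-9_]+)\s*=\s*"?([^"\n]*)"?\s*$')

def parse_config(text):
    """Return a dict of settings; a later line overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        match = _SETTING.match(line)
        if match:
            settings[match.group(1)] = match.group(2).strip()
    return settings

def check_forwarding(text):
    """Return a list of problems that would stop alerts reaching the sensor."""
    settings = parse_config(text)
    problems = []
    syslog_type = settings.get("SYSLOG_TYPE")
    if syslog_type is None:
        problems.append("SYSLOG_TYPE is not set")
    elif syslog_type != "REMOTE":  # compared with the value this page specifies
        problems.append(f"SYSLOG_TYPE is {syslog_type!r}, expected 'REMOTE'")
    host = settings.get("SYSLOG_REMOTE_HOST", "")
    try:
        # The page asks for the sensor's IP address, so anything else is flagged.
        addr = ipaddress.ip_address(host)
    except ValueError:
        problems.append(f"SYSLOG_REMOTE_HOST {host!r} is not an IP address")
    else:
        if addr.is_loopback or addr.is_unspecified:
            problems.append(f"SYSLOG_REMOTE_HOST {host} is not a remote sensor")
    return problems

# Constructed sample inputs (192.0.2.10 is a documentation-range address).
GOOD = 'SYSLOG_TYPE="REMOTE"\n#\nSYSLOG_REMOTE_HOST="192.0.2.10"\n'
UNEDITED = 'SYSLOG_TYPE="LOCAL"\nSYSLOG_REMOTE_HOST="<Sheriff_CSM_IP_ADDRESS>"\n'

if __name__ == "__main__":
    for name, sample in (("good", GOOD), ("unedited", UNEDITED)):
        print(name, check_forwarding(sample) or "OK")
```

To check a real deployment, pass the contents of the Artillery config file to check_forwarding().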

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

https://github.com/BinaryDefense/artillery

https://github.com/BinaryDefense/artillery/blob/master/config

For troubleshooting, see the vendor documentation.

Topic revision: 27 Jun 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.