Up
Previous Next

Sheriff CSMâ„¢

Atomic Software HoneyBOT

When you configure Atomic Software HoneyBOT to send log data to Sheriff CSM, you can use the HoneyBOT plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:

Plugin Information

DeviceDetails
Vendor Atomic Software Solutions
Device Type Honeypot
Connection Type Syslog
Data Source Name Honeybot
Data Source ID 1915

Integrating Atomic Software HoneyBOT

Before you configure the Atomic Software HoneyBOT integration, you must have the IP Address of the Sheriff CSM Sensor (Deputy).

To configure Atomic Software HoneyBOT to send Syslog messages to Sheriff CSM
  1. Open the main application window of the HoneyBOT application.

  2. Select Options from the View menu to configure HoneyBOT.

  3. Select the Syslog option to send connection events to a Syslog server. Enter the Sheriff CSM IP Address as the Syslog server IP address and specify 514 as the port on which Syslog messages will be sent.

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

http://www.atomicsoftwaresolutions.com/

http://www.atomicsoftwaresolutions.com/help.php

http://archives.mysteryfcm.co.uk/security/honey_pots/honeybot/honeybotuserguide.pdf

For troubleshooting, see the vendor documentation.
Topic revision: r9 - 27 Jun 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.