Honeypot Threat Analytics
Cowrie + Dionaea + WebTrap → live SOC console
THREAT
—
connecting…
◐
Report ↗
▶ Simulate attack
0
Total events
0
Connections
0
Failed logins
0
Breaches
0
Commands
0
Unique IPs
0
Protocols hit
🛰️ Protocol coverage
services attacked · sensor · worst severity
No protocol activity yet — run a simulation
🧬 Attacker campaigns
source IPs clustered by behaviour · TF-IDF + cosine similarity
Analysing attacker behaviour…
Attack activity
events per minute · hover for detail
Severity mix
all events
Attacker origins
geo-located source IPs
high abuse
medium
observed
bubble size = event volume
Top origin countries
by events
Live event feed
All
High+
Critical
All protocols
Waiting for events…
MITRE ATT&CK
techniques observed
Attack sessions
grouped by session
Session
Source
Fails
Events
Top command
State
Alerts raised
Wazuh rules
Top credentials tried
brute-force
User
Password
Attempts
Top commands
post-exploitation
Command
Count