Honeypot Threat Analytics

Cowrie + Dionaea + WebTrap → live SOC console
THREAT connecting… Report ↗
0
Total events
0
Connections
0
Failed logins
0
Breaches
0
Commands
0
Unique IPs
0
Protocols hit

🛰️ Protocol coverage

services attacked · sensor · worst severity
No protocol activity yet — run a simulation

🧬 Attacker campaigns

source IPs clustered by behaviour · TF-IDF + cosine similarity
Analysing attacker behaviour…

Attack activity

events per minute · hover for detail

Severity mix

all events

Attacker origins

geo-located source IPs
high abuse medium observed bubble size = event volume

Top origin countries

by events

Live event feed

Waiting for events…

MITRE ATT&CK

techniques observed

Attack sessions

grouped by session
SessionSourceFailsEventsTop commandState

Alerts raised

Wazuh rules

Top credentials tried

brute-force
UserPasswordAttempts

Top commands

post-exploitation
CommandCount