UHH-ISS/honeygrove-cim

Cyber Incident Monitor (CIM) for the honeygrove honeypot

honeygrove-cim

Quickstart Guide

EK Stack

• TODO

CIM Endpoint

• Clone the repository or download and unzip it
• Optional: Setup a virtualenv to contain the required dependencies

  $ python3 -m venv .venv
  $ source .venv/bin/activate

• Install the required python dependencies

  $ pip3 install --upgrade -r requirements.txt

• Install broker and the python bindings to communicate with a CIM
• Create the log directory for the cim endpoint

  $ mkdir -p /var/honeygrove/cim/logs

• Edit the configuration file to fit your needs

  $ $EDITOR honeygrove_adapter/config.py

• Start the CIM endpoint and verify everything works as expected

  $ ./honeygrove-cim.sh

Contributors

Honeygrove was initially developed as a bachelor project of the IT-Security and Security Management working group at Universität Hamburg and subsequently improved.

Contributors that agreed to be named are:

• Arne Büngener
• Alexandra Lindt
• Adrian Miska
• Frieder Uhlig
• Julian 4goettma