We all dream of this world map with cyber attacks between countries like this one or the one of Kaspersky. In this post, we will try to do threat intelligence at our modest level. We will consider a basic system exposed on the Internet and targeted by cyber-attackers. In this context, we will collect attack information in order to build a fancy dashboard that visualizes what is going on.

We will use Cowrie to draw attackers' attention (SSH honeypot), MySQL to store the collected data and Grafana to build a dashboard. For this basic threat intel experiment, we assume a headless system with a public IP (SERVER_IP) and a domain name (DOMAIN_NAME). We can connect to the server through SSH. We will first install Cowrie, then MySQL and finally Grafana. Cowrie is a honeypot which will listen on SERVER_IP:22. MySQL will only listen on localhost while Grafana will listen on SERVER_IP:30003.

Cowrie

Cowrie is a common SSH honeypot designed to log connection attempts.
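To make concrete what "logging connection attempts" yields for a dashboard, here is an added example (not code from the original post) that aggregates login events per source IP, credential pair and outcome. It assumes Cowrie's JSON log output with the `cowrie.login.failed` / `cowrie.login.success` events rather than the MySQL store used in this post, and the log lines are constructed sample data.

```python
import json
from collections import Counter

# Constructed sample in the shape of Cowrie's JSON log; not real captured data.
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
{"eventid": "cowrie.session.connect", "src_ip": "203.0.113.7", "session": "a1"}
{"eventid": "cowrie.login.failed", "src_ip": "203.0.113.7", "username": "root", "password": "123456", "session": "a1"}
{"eventid": "cowrie.login.failed", "src_ip": "203.0.113.7", "username": "root", "password": "admin", "session": "a1"}
{"eventid": "cowrie.login.success", "src_ip": "203.0.113.7", "username": "root", "password": "root", "session": "a1"}
{"eventid": "cowrie.login.failed", "src_ip": "198.51.100.23", "username": "admin", "password": "admin", "session": "b2"}
{"eventid": "cowrie.login.failed", "src_ip": "198.51.
{"eventid": "cowrie.login.failed", "src_ip": "198.51.100.23", "username": "root", "password": "123456", "session": "b2"}
"""


def summarize(lines):
    """Count login attempts per source IP, per credential pair and per outcome."""
    by_ip, by_cred, outcomes = Counter(), Counter(), Counter()
    skipped = 0
    for line in lines:
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # truncated or corrupt line: count it, do not crash
            continue
        eventid = event.get("eventid", "") if isinstance(event, dict) else ""
        if eventid not in ("cowrie.login.failed", "cowrie.login.success"):
            continue  # connects, commands, etc. are out of scope here
        by_ip[event.get("src_ip", "unknown")] += 1
        by_cred[(event.get("username", ""), event.get("password", ""))] += 1
        outcomes[eventid.rsplit(".", 1)[1]] += 1
    return {"by_ip": by_ip, "by_cred": by_cred, "outcomes": outcomes, "skipped": skipped}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG.splitlines())
    for ip, n in report["by_ip"].most_common():
        print(f"{ip:15} {n} login attempts")
    for (user, pw), n in report["by_cred"].most_common(3):
        print(f"{user}/{pw}: {n}")
    print(dict(report["outcomes"]), "skipped:", report["skipped"])
```

The per-IP counter is the input a world-map panel needs once each address is resolved to a location, and the skipped count flags log lines that were cut off mid-write.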