This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
extraction of payloads into ElasticSearch #1652
Labels
no basic support info
Please follow the guidelines so we can help
Comments
github-actions
bot
added
the
no basic support info
This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
hey guys how are you? :)
Last day I was looking for a chance to automatically extract payloads from
adbhoneyandcowrieso that I can feed other platforms like IntelOwl.Correct me if I am wrong: right now, those payloads can be found only in the
/data/<honeypot>folders.I thought about adding a logstash parser here to extract those payload from the file system and push a new document for each payload in Elastic with the base64 or hex encoded payload.
In that way it would be possible to use ElasticSearch to extract them and maybe add them into GreedyBear too as an additional feed.
Does it make sense to you? If yes, we could try doing that and open a PR to the project?
Looking forward to meet you at the next workshop :)
The text was updated successfully, but these errors were encountered: