Automated elasticSearch rolling upgrades, using Ansible

Upgrading elasticSearch is a joy Want to skip the waffly bit, skip to The code Anyone who had the pleasure of upgrading an elasticSearch cluster knows what a tedious and sometimes eventful process it can be. Unfortunately, I’ve not yet had the experience of working on large scale clusters (20+ nodes) however my experience with slightly smaller clusters have highlighted the need to automate this task. For those who don’t know, when you update an elasticSearch cluster, it’s best to perform what’s called a ‘rolling upgrade’.

A simple Logstash Redis filter powered by ruby

Hello! Hi there! It’s been a while 👋👋 I’ve been working on a lot of behind the scenes development for HoneypotDB, including changes to the ingest process and Logstash pipelines. One neat new HoneypotDB feature is an IP scoring system, enabling the ability for IP addresses to be graded on how dodgy they’re being, with scores mapped to the MITRE ATT&CK framework! To prevent the scoring system for being spanned, IP addresses will be added to a Redis based queue (really a list), before being bull out by score workers for processing.

The calm after the storm. HoneypotDB breakdown 27/09/2020

Honeypot Breakdown Week 3’s metrics are in, and this week shows a slight reduction in events since last’s weeks frenzy. Capturing 1,877,547 events and 307,021 SSH sessions, HoneypotDB has captured 4,578 usernames and 19,859 passwords this week, both of which are available for download via HoneypotDB’s API https://honeypotdb.com/api/lists/usernames https://honeypotdb.com/api/lists/passwords . Of the 345,192 login attempts captured this week from 11,477 IPs, 334,970 failed and 10,222 won the random draw and we’re successful.

DOUBLE?! HoneypotDB breakdown 20/09/2020

Honeypot Breakdown This week has seen a huge increase in events collected by HoneypotDB. Despite having the same 8 honeypots in 6 cities, HoneypotDB has captured 355,898 SSH sessions this week an increase of 207,131, thats 139%! Additionally, 230,133 more login events were captured taking this week’s total to 384,392. This 149% increase in log attempts boosted our metric of 6,031 successful logins from last week to 8,086 and more than generating more than double last weeks amount of 154,259 with 376,306.

HoneypotDB's new API

HoneypotDB now has an API 😀🎉🎉 I’ve been working on it all this week and I’m proud to present that HoneypotDB API v0.2.1 is live at https://honeypotdb.com/api along will full usage documentation, so please do give it a go. HoneypotDB also has a fancy new landing page, https://honeypotdb.com/ ! API features Right now, HoneypotDB API has as 2 main functionalities. Lists API The main goal for HoneypotDB is to provide a way for people to use the data collected to strengthen their cyber defence, the lists API is perfect for that!

The first HoneyPot Breakdown 13/09/2020

A quick introduction I’ve been working on a neat side project for a while now, a global honeypot network I’m calling HoneypotDB. I have some previous posts around this project and I’m excited to announce that I’ll now be posting weekly analysis of trends and metrics collected by HoneypotDB, as well as a downloadable export of any malware upload to my pots! My pots will automatically upload any new malware to S3 at 6PM every Sunday to https://hpdb-malware-drops.