Alert Detection

Regardless of your honeypot’s purpose, alerting is a key component of its value. Alerts generated by prevention honeypots warn organizations to be on the lookout for other attacks. The attacker may have been confused or deterred, but that does not mean he won’t be coming back. For detection honeypots, alerting is the primary mission: to identify suspicious activity and notify the proper individuals. For incident response, organizations will want to react to an attack as fast as possible. The sooner they can access the compromised honeypots, the greater the value of the collected evidence. Alerting for research honeypots is especially critical. The purpose of research honeypots is to gather information, which is often sensitive. ...

Get Honeypots: Tracking Hackers now with O’Reilly online learning.