Cowrie Honeypot Series – Part 2

In part 1 of the Cowrie Honeypot Series, I covered configuring the honeypot in Azure and setting up everything needed in Splunk to work with the logs. In today’s blog post, I’m going to expand on my Alert Framework and create a new, simple playbook to block SSH connections from attackers. My intent in this small project is to block any attacker’s IP address that successfully connects