| 
									
										
										
										
											2019-03-08 21:32:09 +00:00
										 |  |  | # HoneyPy/etc/honeypy.cfg | 
					
						
							|  |  |  | # https://github.com/foospidy/HoneyPy | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | [honeypy] | 
					
						
							|  |  |  | # select any name for this HoneyPy node, it can be anything you want (default is: honeypy). | 
					
						
							|  |  |  | # It will be displayed in tweets, Slack messages, and other integrations. | 
					
						
							|  |  |  | nodename  = honeypy | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | #add a comma seperated list of ip addresses to supress logging of your local scanners | 
					
						
							|  |  |  | #whitelist = 192.168.0.5, 192.168.0.21 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | #include the following service profiles (comma seperated), all services will be combined. | 
					
						
							|  |  |  | #enabling this will disable the use of service.cfg, which will not be processed | 
					
						
							|  |  |  | #service_profiles = services.databases.profile, services.linux.profile | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-03-13 21:13:36 +00:00
										 |  |  | # Limit internal log files to a single day. Useful for deployments with limited disk space. | 
					
						
							|  |  |  | limit_internal_logs = No | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | # Directory for internal HoneyPy logs (not external loggers). | 
					
						
							|  |  |  | # Use leading slash for absolute path, or omit for relative path | 
					
						
							|  |  |  | internal_log_dir = log/ | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-03-08 21:32:09 +00:00
										 |  |  | # Tweet events on Twitter. Having a dedicated Twitter account for this purpose is recommended. | 
					
						
							|  |  |  | # You will need to Twitter API credentials for this to work. See https://dev.twitter.com/oauth/application-only | 
					
						
							|  |  |  | [twitter] | 
					
						
							|  |  |  | enabled        = No | 
					
						
							|  |  |  | consumerkey    = | 
					
						
							|  |  |  | consumersecret = | 
					
						
							|  |  |  | oauthtoken     = | 
					
						
							|  |  |  | oauthsecret    = | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ######################################################################################################## | 
					
						
							|  |  |  | # Animus is dead! (http://morris.guru/the-life-and-death-of-animus/) This feature should be use no more. | 
					
						
							|  |  |  | # enable tweats to include querying Animus Threat Bot (https://github.com/threatbot) | 
					
						
							|  |  |  | # ask_animus     = No | 
					
						
							|  |  |  | ######################################################################################################## | 
					
						
							|  |  |  | # | 
					
						
							|  |  |  | # Animus rises from the ashes! https://animus.io/ | 
					
						
							|  |  |  | # | 
					
						
							|  |  |  | ######################################################################################################## | 
					
						
							|  |  |  | # | 
					
						
							|  |  |  | # Animus falls again. https://github.com/hslatman/awesome-threat-intelligence/pull/101 | 
					
						
							|  |  |  | # | 
					
						
							|  |  |  | ######################################################################################################## | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | # Post your events to HoneyDB. Your HoneyPy honepots can contribute threat information to HoneyDB. | 
					
						
							|  |  |  | # You will need to create API credentails for this to work. See https://riskdiscovery.com/honeydb/#threats | 
					
						
							|  |  |  | [honeydb] | 
					
						
							|  |  |  | enabled  = No | 
					
						
							|  |  |  | api_id   = | 
					
						
							|  |  |  | api_key  = | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | # Post your events to a Slack channel. Having a dedicated Slack channel for this is recommended. | 
					
						
							|  |  |  | # For setting up your Slack webhook see https://api.slack.com/incoming-webhooks | 
					
						
							|  |  |  | [slack] | 
					
						
							|  |  |  | enabled     = No | 
					
						
							|  |  |  | webhook_url = | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | [logstash] | 
					
						
							|  |  |  | enabled = No | 
					
						
							|  |  |  | host    = | 
					
						
							|  |  |  | port    = | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | [elasticsearch] | 
					
						
							|  |  |  | enabled = No | 
					
						
							|  |  |  | # Elasticsearch url should include ":port/index/type | 
					
						
							|  |  |  | # example: http://localhost:9200/honeypot/honeypy | 
					
						
							|  |  |  | es_url  = | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | [telegram] | 
					
						
							|  |  |  | # You need to add your bot to channel or group, and get the bot token see https://core.telegram.org/bots | 
					
						
							|  |  |  | enabled = No | 
					
						
							|  |  |  | # Telegram bot HTTP API Token | 
					
						
							|  |  |  | bot_id = | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | [sumologic] | 
					
						
							|  |  |  | enabled = No | 
					
						
							|  |  |  | # create a http collector source and use the url provided | 
					
						
							|  |  |  | # https://help.sumologic.com/Send-Data/Sources/02Sources-for-Hosted-Collectors/HTTP-Source/Upload-Data-to-an-HTTP-Source | 
					
						
							|  |  |  | url = | 
					
						
							|  |  |  | custom_source_host = | 
					
						
							|  |  |  | custom_source_name = | 
					
						
							|  |  |  | custom_source_category = | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | [splunk] | 
					
						
							|  |  |  | enabled = No | 
					
						
							|  |  |  | # /services/receivers/simple api endpoint | 
					
						
							|  |  |  | url = https://localhost:8089/services/receivers/simple | 
					
						
							|  |  |  | username = | 
					
						
							|  |  |  | password = | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | [rabbitmq] | 
					
						
							|  |  |  | enabled = No | 
					
						
							|  |  |  | # Here you need create rabbitmq config url to be used with pika python lib | 
					
						
							|  |  |  | # For ex. 1) amqp://username:password@rabbitmq_host/%2f | 
					
						
							|  |  |  | #          2) amqp://username:password@127.0.0.1/%2f | 
					
						
							|  |  |  | url_param = | 
					
						
							|  |  |  | # Name of the Rabbitmq Exchange | 
					
						
							|  |  |  | # Ex. mycoolexchange | 
					
						
							|  |  |  | exchange = | 
					
						
							|  |  |  | # Rabbitmq routing Key if not configured in rabbitmq leave it | 
					
						
							|  |  |  | # Ex. honeypy | 
					
						
							|  |  |  | routing_key = | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | [file] | 
					
						
							|  |  |  | enabled = Yes | 
					
						
							|  |  |  | filename = log/json.log | 
					
						
							| 
									
										
										
										
											2019-03-13 21:13:36 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  | [hpfeeds] | 
					
						
							|  |  |  | enabled    = No | 
					
						
							|  |  |  | persistent = Yes | 
					
						
							|  |  |  | server     = 127.0.0.1 | 
					
						
							|  |  |  | port       = 20000 | 
					
						
							|  |  |  | ident      = ident | 
					
						
							|  |  |  | secret     = secret | 
					
						
							|  |  |  | channel    = channel | 
					
						
							|  |  |  | serverid   = id |