honeypot rules?


Kat

Jul 19, 2018, 10:50:19 AM
to Wazuh mailing list
Hi again,

Has anyone tried to put together honeypot-related rules for known honeypots like OpenCanary, MHN (cowrie, dionaea, etc.)? If not, I will continue my project to do them all, otherwise, I was going to contribute. My search has not been fruitful so far, but thought I would ask.

Kat

alfonso.r...@wazuh.com

Jul 26, 2018, 5:21:28 AM
to Wazuh mailing list
Hello Kat,

Sorry for the delay. Right now, from Wazuh, we have no rules for honeypots and we do not prioritize their creation in our roadmap. We greatly appreciate the support of the community as it is the best way to move in the right direction and to grow in the right way. 

We are sure that your contribution will be of great value. We regret that we cannot be of any further assistance and are extremely grateful for your interest and collaboration.  

Kind regards,

Alfonso Ruiz-Bravo

Louis Bernardo

Jul 30, 2018, 3:46:24 AM
to Wazuh mailing list
Hi Alfonso,

Would it be possible for Wazuh to create a log sample repository? That way vendors and clients can upload samples and those of us (like me) that are looking at creating rules can maybe start creating community rules for it? 

Thanks,

Miguel Casares

Aug 2, 2018, 7:17:08 AM
to Louis Bernardo, Wazuh mailing list
Hello Louis,

First of all, we really appreciate that you want to contribute to the project by improving the product.

We think it is a very good idea to create a log sample repository. Our team will study the idea to develop it in the future. When this is done, users will be informed through future versions of Wazuh.

Thank you again for your feedback.

Best regards,

Miguel Casares

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+unsubscribe@googlegroups.com.
To post to this group, send email to wa...@googlegroups.com.
Visit this group at https://groups.google.com/group/wazuh.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/3601b7f0-cd78-422e-ac8d-7f63127604e0%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Louis Bernardo

Aug 2, 2018, 10:30:44 AM
to Wazuh mailing list
Hi Miguel,

Only a pleasure, after all, if we don't help each other who will? It's great that you guys are looking at the option.

Best Regards,
Louis

Alberto Rodriguez

Aug 2, 2018, 3:11:53 PM
to Louis Bernardo, Wazuh mailing list
Hello

Just as a note: we usually include log samples in comments in our .xml files. Examples:


Anyway, a repository dedicated to unknown rules and decoders is a very good idea. 

Thanks all!!

Best regards, 
Alberto R


M G

Jun 29, 2023, 7:21:26 AM
to Wazuh mailing list
Hello,

I want to ask about honeypot rules.
Do you have a plan about this on your roadmap?
I ask because this topic is from 2018 and maybe something has changed.

I wonder how much sense it makes to integrate Wazuh with OpenCanary. Maybe you have some experience in this topic?

Best,
Mateusz


