Honeypot data for multiple protocols

Honeypot data for multiple protocols (Telnet, SSH, several HTTP-based protocols and services) from UL CyberLab honeynet.

  • session_id (string): Unique ID of the session
  • dst_ip_identifier (string): Pseudonymized dst public IPv4 of the honeypot node
  • dst_host_identifier (string): Obfuscated (pseudonymized) name of the honeypot node
  • src_ip_identifier (string): Obfuscated (pseudonymized) IP address of the attacker
  • eventid (string): Event id of the session in the cowrie honeypot
  • timestamp (string): UTC time of the event
  • message (string): Message of the Cowrie honeypot
  • protocol (string): Protocol used in the cowrie honeypot; either ssh or telnet
  • geolocation_data/postal_code (string): Source IP postal code as (determined by logstash)
  • geolocation_data/continent_code (string): Source IP continent code (as determined by logstash)
  • geolocation_data/country_code3 (string): Source IP country code3 (as determined by logstash)
  • geolocation_data/region_name (string): Source IP region name (as determined by logstash)
  • geolocation_data/latitude (float): Source IP latitude (as determined by logstash)
  • geolocation_data/longitude (float): Source IP longitude (as determined by logstash)
  • geolocation_data/country_name (string): Source IP full country name (as determined by logstash)
  • geolocation_data/timezone (string): Source IP timezone
  • geolocation_data/country_code2 (string): Source IP country code2
  • geolocation_data/region_code (string): Source IP region code
  • geolocation_data/city_name (string): Source IP city name
  • src_port (int): Source TCP port
  • sensor (string): Sensor name; serves to identify our experiment config
  • arch (string): Represents the CPU/OS architecture emulated by honeypot
  • duration (string): Session duration in seconds
  • ssh_client_version (string): Attacker's SSH client version
  • username (string): Login username; only used for login events
  • password (string): Password; only used for login events
  • macCS (string): HMAC algorithms supported by the client
  • encCS (string): Encryption algorithms supported by the client
  • kexAlgs (string): Key exchange algorithms supported by the client
  • keyAlgs (string): Public key algorithms supported by the client

Data and Resources

Additional Info

Field Value
Last Updated November 22, 2022, 15:49 (UTC)
Created November 11, 2022, 10:55 (UTC)