
Category: Modern Honey Network

Splunking The Modern Honey Network: Community Data (Part 4)

Over the last 3 weeks, I’ve looked at: ingesting Modern Honey Network data into Splunk, adding context to MHN data using threat feeds, and creating alerts using MHN data. In this post I am going to give you a brief insight into the data that was reported back from...


MHN Radar: Databases Under Siege

Anomali’s Modern Honeypot Network (MHN for short) is a worldwide network of honeypot sensors that collects data on scans, probes and intrusions of various network ports and services. By looking at data collected by MHN we can piece together a picture of the current threat landscape for a...


Splunking The Modern Honey Network: Honeypot Alert Automation (Part 3)

In my last post, I looked at enriching Modern Honey Network events against a threat feed, specifically Anomali Threatstream IOCs. The idea of enriching events helps filter out false positives — events that pose no real risk to a network. False positives can obviously — and do — waste many...


Splunking The Modern Honey Network: Adding Context Using Threat Feeds (Part 2)

Last week, I showed how to ingest Modern Honey Network data into Splunk and visualise it with the MHN Splunk App. Hopefully you’ve been getting lots of additional value on top of the Modern Honey Network web app. I’m sure you’re now ready to...


Splunking The Modern Honey Network: Getting Value From Your Honeypots Data (Part 1)

Whilst The Modern Honey Network Server alone is powerful, exporting the data for further manipulation and analysis can be very useful. It is common to see security teams feeding MHN attack data directly into their SIEM for correlation against events generated from other security tools, like...


4 Ways to Get the Most Out of the Modern Honey Network

Setting up a honeypot is a well-known strategy for having a complete cyber-security system. The honeypot is a phony, low-stakes web environment you set up as a decoy. Hackers find the resource and by exploring it for vulnerability, leave clues about their identities and motivations. In addition to incriminating themselves,...


Turn the Tables on Cyber-Crime With The Modern Honey Network

If your network is hacked, you will have a multitude of reactions, including an urge to respond in kind. Technically hacking the hackers isn’t legal, but deceiving intruders is! Advanced persistent threats are targeted at those who have information of value to the hacker. Scrubbing away malware is...


The Accuracy Of The Honeypot Network

Discovering evidence that someone is probing your network for weaknesses before they successfully attack makes all the difference. You will learn a lot about your enemies and what they are seeking after your network has been infected or your data has been stolen, copied, or sabotaged. But there is no...


Juniper ScreenOS Backdoor Password Seen Used in the Wild

Starting on December 22nd, sensors that are part of the Modern Honey Network (MHN) started detecting several systems using the recently reported Juniper ScreenOS backdoor password (<<< %s(un='%s') = %u as reported by Rapid7 here). This backdoor is identified as CVE-2015-7755. ...


Leveraging Your Honeypots with the Right Tools

Can you deploy honeypots offensively? In 1999, Lance Spitzner published How To Build A Honeypot and since then we’ve seen a wide-scale proliferation of honeypot usage. Why? Because it's one of the only effective and offensive countermeasures we can take against hackers. Some may disagree that honeypots are...
