stingar - List for discussion of the STINGAR project

Description: The overall goal of the STINGAR project is to enable faster generation, sharing, and action on threat intelligence data for the higher education community. To that end, we’ve embarked on a multi-year project to help make those goals real, and you’ll play an important part. We need all of you to help test out the technology we’re creating and give us feedback as to what works (or doesn't) for your environment.

We initially identified that many schools have an issue identifying local threat intelligence worth acting on and sharing. We believe that honeypots provide an excellent source of local threat data with a very high signal-to-noise ratio. To that end, we forked the ThreatStream Modern Honey Network (MHN) project into our Community Honey Network (CHN) project, and have been working to make it an easy-to-deploy, flexible honeypot system. Our team has made many changes to the MHN project to support a few key features, primarily:

*) Containerization of both the honeypot server and individual honeypot sensors using Docker
*) Additions to the CHN server API allowing for easier extraction of threat data for actioning in your network
*) Adding additional output modules to submit to external platforms such as CIF automatically

You can follow project news here:

If you’d be so kind as to check out the documentation:

And install some honeypots in your network today!

In return we’re asking:

*) If you do an install, please let us know, so I can check in on progress/issues/etc.
*) Feedback on the install process, as well as (eventually) upgrades and any broken or missing features
*) Please share the honeypot data with others (especially us!). We have a couple ways this can be accomplished today (easiest is via a Duke CIF instance), and easier/faster/better ways are coming (message bus, etc.)
*) That you make use of this data operationally in your environment. Collecting and sharing is good, but unless we start taking actions this exercise is nearly pointless (which is to say…academic). ;)

Please do not hesitate to post here if you need some help getting started, or if you have feedback (both positive and negative).

Thank you very much for your time!


Alexander Merck
ITSO::Security Engineer
Duke University

