Beeswarm is an active IDS project with easy configuration.

Beeswarm is an active IDS project with easy configuration.

Beeswarm is an active IDS project that provides easy configuration, deployment and management of honeypots and clients. The system operates by luring the hacker into the honeypots by setting up a deception infrastructure where deployed drones communicate with honeypots and intentionally leak credentials while doing so.

beeswarm overview

beeswarm overview

Beeswarm operates by deploying fake end-user systems (clients) and services (honeypots). Beeswarm uses these systems to provides IoC (Indication of Compromise) by observing the difference between expected and actual traffic. An IoC could be a certificate mismatch or the unexpected reuse of credentials (honeytokens).

beeswarm console

beeswarm console

Latest Version and Changelog v0.7.17 11/6/2016:
– Rename in ui: “Honeypot name” -> “Drone name”
– Added functionality to ping all drones from UI

Usage:

Source: https://github.com/honeynet