-
I'm doing the same thing you are. It's a very good tool for a cyber security class. I'm using default settings. I'm using a hive sensor/server group. I have 1 server (default install) and 5 sensors on different networks. I used it all last semester, worked fine. Querying is a little slow but usable. I'd really like to expand the ES out to a cluster for better performance, I just haven't had time to wrap my head around how it's set up with Docker and how to translate that into an ES cluster of 3 SSD nodes and probably 3 HDD nodes for long-term storage. I'd like 12-24 months of logs to look at long-term trends.
-
Thanks for your answer.
-
It's an early project, I am waiting for financial answers. It will take at least one year to begin production. My campus IT has not realized what a honeypot is... Thanks for your proposal, I will keep you updated before I start.
-
I'm running it on very minimal hardware at the moment. The "server" is an old desktop computer with a 5TB HDD in it, while the sensor is an older desktop computer with a 250GB SSD. Everything works fine. Better hardware would be preferable, but it'll run on just about anything.
-
Hello,
I'd like to host a T-Pot at my university. The goals are educational (I'm a teacher in computer science; I want to show visitors and future students a concrete dashboard and work with it during my course).
I need to evaluate the number of servers (number of Elastic nodes and others), RAM (Elastic nodes and others) and disk space for a 180-day retention. I don't want to be stretched (the Elastic Stack will also be used for a small number of nodes to demonstrate a SIEM). The network bandwidth on the line is 1 Gb/s.
24 students can query the T-Pot and Elastic Stack simultaneously during my security course.
I have not yet decided whether to work on premises or in the cloud (AWS). Maybe you can also give me advice on the best solution from the angle of security (DoS?) and ease of operation.
Can you share some feedback from experience on hardware sizing for this mid-range T-Pot?
Thanks for your answers.