Overview
HoneyDrop is a powerful tool designed to enhance your network's security by setting up decoy services that attract and distract attackers. When deployed within your internal network, it tricks cybercriminals into targeting these fake services instead of your real assets, giving you a crucial edge in detecting and understanding potential threats.
By logging every interaction with these decoys to AWS CloudWatch, HoneyDrop offers real-time insights into suspicious activities. You'll receive alerts via email or SMS whenever an attacker engages with the decoys, allowing you to respond swiftly. You can also set up CloudWatch alarms to trigger Lambda functions for automated incident response.
Highlights
- Lure attackers away from high value systems long enough to be identified
- Enable automated incident response actions to isolate and quarantine compromised hosts
- Enhance security posture without needing to install agents on instances
Details
Typical total price
$0.092/hour
Pricing
Instance type | Product cost/hour | EC2 cost/hour | Total/hour |
|---|---|---|---|
t2.nano | $0.02 | $0.006 | $0.026 |
t2.micro AWS Free Tier | $0.02 | $0.012 | $0.032 |
t2.small | $0.03 | $0.023 | $0.053 |
t2.medium | $0.05 | $0.046 | $0.096 |
t2.large | $0.09 | $0.093 | $0.183 |
t2.xlarge | $0.10 | $0.186 | $0.286 |
t3.nano | $0.02 | $0.005 | $0.025 |
t3.micro AWS Free Tier | $0.02 | $0.01 | $0.03 |
t3.small | $0.03 | $0.021 | $0.051 |
t3.medium Recommended | $0.05 | $0.042 | $0.092 |
Additional AWS infrastructure costs
Type | Cost |
|---|---|
EBS General Purpose SSD (gp2) volumes | $0.10/per GB/month of provisioned storage |
Vendor refund policy
Refunds considered on a case-by-case basis.
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
Production-ready honeypot appliance.
Additional details
Usage instructions
Once deployed, please allow up to one minute for the HoneyDrop SSH service to become active. To connect to the HoneyDrop appliance, use the following command structure (notice the username is set to ubuntu and the port set to 2222):
ssh -i
Edit the /etc/honeydrop/honeydrop.conf file to enable services: nano /etc/honeydrop/honeydrop.conf
To enable a service, change its boolean value to "true". Setting it to "false" will disable the service.
If you have not done so already, you will need to create and attach an IAM role to this EC2 instance that allows it to send logs to CloudWatch:
Navigate to https://console.aws.amazon.com/iamv2/home#/roles and click on "Create role". Set the trusted entity type to "AWS service" and the use case to "EC2", now click next. Attach the "CloudWatchAgentServerPolicy" and click next. Optionally add your keys and click next. Name the role "HoneyDropRole" and click "Create role". Navigate back to EC2, https://console.aws.amazon.com/ec2/v2/home#Instances:instanceState=running Right-click on the HoneyDrop appliance, under "Security" click "Modify IAM role" Select the HoneyDropRole and click "Save".
Update the HoneyDrop's security group to only allow inbound traffic to the services enabled from the target VPC network IP ranges.
For more detailed instructions and a walk-through video, please visit: https://termilus.com/how-to-deploy-and-setup-honey-drop-in-aws/
Resources
Vendor resources
Support
Vendor support
We offer responsive and friendly support available to all HoneyDrop customers. Just reach out to us via email at: support@salientengineering.com
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
