Monitor a Honeypot with Azure App Insights

Richard P
7 min readNov 30, 2020
Photo by Boba Jaglicic on Unsplash

Have you ever wanted to watch foreign malicious actors attack a virtual machine in real time? In this article, we will do just that with a python honeypot and Azure Monitor.

First, I need to give a shout-out to the Microsoft docs for setting up Application Insights. This explains in greater detail some things that I gloss over.

Also check out my GitHub repo with python honeypot.

Outline

This article has 3parts:

  1. Create a honeypot — set up a virtual machine that will run a python script to expose a port to public connections. The script will reject attempts to connect by foreign actors and close the connection.
  2. Send the hackers’ IP address information to Application Insights on Azure.
  3. Analyze log data using Kustos Query Language in the Application Insights Logs dashboard.

Part 1. Create a honeypot

Rather than setting up the honeypot on your personal machine, I recommend setting up an

--

--

Richard P
Richard P

Written by Richard P

I write about databases and geospatial topics

No responses yet