Have you ever wanted to watch foreign malicious actors attack a virtual machine in real time? In this article, we will do just that with a Python honeypot and Azure Monitor.
First, I need to give a shout-out to the Microsoft docs for setting up Application Insights. This explains in greater detail some things that I gloss over.
Also check out my GitHub repo with the Python honeypot.
Outline
This article has 3 parts:
- Create a honeypot — set up a virtual machine that will run a Python script to expose a port to public connections. The script will reject attempts to connect by foreign actors and close the connection.
- Send the hackers’ IP address information to Application Insights on Azure.
- Analyze log data using Kusto Query Language in the Application Insights Logs dashboard.
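A minimal sketch of the honeypot behaviour outlined above, added here as an example and not the code from the author's repo: it accepts a TCP connection, records the peer's address as a structured event, and closes without serving anything. The function names, the event fields and the in-memory `sink` (standing in for whatever exporter ships events to Application Insights) are assumptions.

```python
import json
import socket
import threading
from datetime import datetime, timezone


def open_listener(host, port):
    """Bind a TCP listener; port 0 lets the OS pick a free port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind((host, port))
    listener.listen(16)
    return listener


def serve(listener, sink, max_conns):
    """Accept up to max_conns connections, record each peer, close at once."""
    local_port = listener.getsockname()[1]
    for _ in range(max_conns):
        conn, (ip, port) = listener.accept()
        try:
            # Nothing is read from or written to the peer: the honeypot
            # offers no service, it only notes who connected.
            sink({
                "time": datetime.now(timezone.utc).isoformat(),
                "remote_ip": ip,
                "remote_port": port,
                "local_port": local_port,
            })
        finally:
            conn.close()


def demo():
    """Run the listener on loopback and probe it once (constructed traffic)."""
    events = []  # hypothetical sink; a real one would forward to a log backend
    listener = open_listener("127.0.0.1", 0)
    port = listener.getsockname()[1]
    worker = threading.Thread(target=serve, args=(listener, events.append, 1))
    worker.start()
    probe = socket.create_connection(("127.0.0.1", port), timeout=5)
    received = probe.recv(64)  # empty bytes: the honeypot closed the connection
    probe.close()
    worker.join(timeout=5)
    listener.close()
    return events, received


if __name__ == "__main__":
    events, received = demo()
    print(json.dumps(events[0]), received)
```

The demo binds to loopback so it can be run anywhere; each recorded event is one flat JSON object, a shape that is straightforward to filter and aggregate once it reaches a log store.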
Part 1. Create a honeypot
Rather than setting up the honeypot on your personal machine, I recommend setting up an…