Create and test a honeypot

This page will guide you through the process of creating a honeypot with Mazeshark.

Step 1: Navigate to the sidebar and select Honeypots

Step 2: Click "+ Set up a new honeypot" in the top right corner

Step 3: Configure your honeypot

To ensure your honeypots are difficult to detect, select a type that matches your existing resources and assign a name in a similar format. By clicking the "Set up honeypot" button, the app will redirect you to the honeypot's page.

Step 4: Click "+Create CloudFormation stack"

Clicking this will open your AWS account in a new tab. You may need to sign in first if you're not logged in.

Step 5: On the CloudFormation page scroll down and click "Create stack"

This will create a CloudFormation stack for your honeypot. Pro tip: name your stack to something unique that blends in your environment.

Step 6: Monitor the status of your stack

It may take a minute or two for the honeypot to become active. Seeing CREATE_COMPLETE? Great job! Your honeypot is ready! Time to test your honeypot!

Step 7: Click "Open your AWS Lambda function" on the honeypot's page

Make sure that your function's ARN is the same as configured for your honeypot.

Step 8: Scroll down and click "Test"

No need to change or save the payload. Once you Invoked the function via the Test button, you should see the following message returned: "Forwarding event to server..."

Now, simply wait a few minutes for AWS to send the CloudTrail events and for MazeShark to detect the alert. You can also click "Re-check" on the honeypot's page.

Step 9: Investigate test alert

You should see the test alert in the Alerts section:

Click on the alert to see the details.

Now, it's time to set up automation!