search

3Create and test a honeypot

This page will guide you through the process of creating a honeypot with Mazeshark.

hashtag
Step 1: Navigate to the sidebar and select Honeypots

hashtag
Step 2: Click "+ Set up a new honeypot" in the top right corner

hashtag
Step 3: Configure your honeypot

To ensure your honeypots are difficult to detect, select a type that matches your existing resources and assign a name in a similar format. By clicking the "Set up honeypot" button, the app will redirect you to the honeypot's page.

hashtag
Step 4: Click "+Create CloudFormation stack"

Clicking this will open your AWS account in a new tab. You may need to sign in first if you're not logged in.

hashtag
Step 5: On the CloudFormation page scroll down and click "Create stack"

This will create a CloudFormation stack for your honeypot. Pro tip: name your stack to something unique that blends in your environment.

hashtag
Step 6: Monitor the status of your stack

It may take a minute or two for the honeypot to become active. Seeing CREATE_COMPLETE? Great job! Your honeypot is ready! Time to test your honeypot!

hashtag
Step 7: Click "Open your AWS Lambda function" on the honeypot's page

Make sure that your function's ARN is the same as configured for your honeypot.

hashtag
Step 8: Scroll down and click "Test"

No need to change or save the payload. Once you Invoked the function via the Test button, you should see the following message returned: "Forwarding event to server..."

Now, simply wait a few minutes for AWS to send the CloudTrail events and for MazeShark to detect the alert. You can also click "Re-check" on the honeypot's page.

hashtag
Step 9: Investigate test alert

You should see the test alert in the Alerts section:

Click on the alert to see the details.

Now, it's time to set up automation!

PreviousConnect AWS accountNextSet up automation

Last updated