HoneyDB is a database and a web site that is created to capture and display event data from HoneyPy sensors that are running on the Internet.
This document provides information about the HoneyDB connector, which facilitates automated interactions with HoneyDB using FortiSOAR™ playbooks. Add the HoneyDB connector as a step in FortiSOAR™ playbooks and perform automated operations, such as looking up an IP address in a twitter threat feed and retrieving a list of bad hosts from HoneyDB.
Connector Version: 1.0.0
Authored By: Fortinet
Certified: No
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum
command to install connectors:
yum install cyops-connector-honeydb
For the detailed procedure to install a connector, click here.
For the procedure to configure a connector, click here.
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
Function | Description | Annotation and Category |
---|---|---|
Lookup IP | Looks up an IP address in a twitter threat feed. | lookup_ip Investigation |
Get Bad Hosts | Retrieves a list of bad hosts from HoneyDB. | bad_hosts Investigation |
The Sample - HoneyDB - 1.0.0
playbook collection comes bundled with the HoneyDB connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the HoneyDB connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.
HoneyDB is a database and a web site that is created to capture and display event data from HoneyPy sensors that are running on the Internet.
This document provides information about the HoneyDB connector, which facilitates automated interactions with HoneyDB using FortiSOAR™ playbooks. Add the HoneyDB connector as a step in FortiSOAR™ playbooks and perform automated operations, such as looking up an IP address in a twitter threat feed and retrieving a list of bad hosts from HoneyDB.
Connector Version: 1.0.0
Authored By: Fortinet
Certified: No
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum
command to install connectors:
yum install cyops-connector-honeydb
For the detailed procedure to install a connector, click here.
For the procedure to configure a connector, click here.
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
Function | Description | Annotation and Category |
---|---|---|
Lookup IP | Looks up an IP address in a twitter threat feed. | lookup_ip Investigation |
Get Bad Hosts | Retrieves a list of bad hosts from HoneyDB. | bad_hosts Investigation |
The Sample - HoneyDB - 1.0.0
playbook collection comes bundled with the HoneyDB connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the HoneyDB connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.