HoneypotDB Documentation
Welcome to HoneypotDB's public documentation. This is where you can find information and guides on how to use HoneypotDB, detailing the capabilities of the platform and how you can use it in your day-to-day intelligence activities.
REST API Docs
If you're looking for our OpenAPI specification, that's over at https://api.honeypotdb.com/docs.
Who are we
At HoneypotDB, we're building a platform that tracks the real-world behaviors of cyber attackers to create activity-driven and example-led Threat Intelligence.
Powered by our global network of honeypots disguised as CVEs, infrastructure and industries, we capture network events, processes spawned, commands run and filesystem events, all mapped to MITRE ATT&CK.
We're converting this data into behavior-based intelligence, and generating full end-to-end attack kill chains to map out attacks and highlight how to detect and prevent them.
About the platform
HoneypotDB is designed to be used as both an analysis and research tool via our powerful web application, and to integrate natively into existing SIEM, SOAR and CTI tooling.
Web Application
Available at https://app.honeypotdb.com, our web application provides an interface to both search our raw data via our Search API and discover metrics, trends and intelligence based on our data.
API
To enable easy integration with existing security tooling, our REST API is live at https://api.honeypotdb.com, with the ability to execute a powerful Search of our data and query our intelligence APIs.
Contribute
This documentation is open source 🥳. If you would like to contribute, please do so on GitHub at github.com/HoneypotDB/docs.honeypotdb.com or press the 'Edit on GitHub' link on the top right of a page.