This is an update to the Logstash parser and dashboard published in January for Didier’s tcp-honeypot.py honeypot script. The parser has been updated to follow the Elastic Common Schema (ECS) format and now parses more information from the honeypot logs. The update also includes revised and additional dashboards.
tcp-honeypot Log Analysis from Discover
tcp-honeypot Dashboard Summary
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.