crmade/OpenCanary-QRadarCE

OpenCanary-QRadarCE

This project integrates OpenCanary (a honeypot) with QRadar. The extension allows cyber intrusions to be detected using open source, free-to-use software. Combining honeypots with monitoring software (SIEM) makes detecting and alerting on abnormal internal activity possible and easy to accomplish.

Installation:

  1. Download the zip file.
  2. Import the package from the extension management option in QRadar.
  3. Install the extension.
  4. Hunt for the bad guys!

Notes (1/11/2022): When importing through the extension manager, auto detection needs to be enabled manually. To do this, go to the Admin tab, open the DSM Editor, search for OpenCanary, click the Select button, open the Configuration tab and enable the first option: Enable Log Source Autodetection. Save it and close the window.
