Rapid7 Research

Project Lorelei

Furthering our understanding of the attacker mindset

An Introduction to Project Lorelei

Project Lorelei began in 2014 with a singular purpose: understand what attackers, researchers, and organizations are doing in, across, and against cloud environments. It does this by deploying low interaction honeypots—or computers that do not solicit services—globally and recording telemetry about connections and incoming attacks to better understand the tactics, techniques, and procedures used by bots and human attackers.

Over the years, Project Lorelei’s impact has been two-fold. First, it has enabled us to provide a rational, objective assessment of attacker behaviors and their potential impacts. This helps establish relationships with other internet-scale researchers to create forums for collaboration and confirmation when new threats arise. Second, insights extracted from Lorelei have raised awareness about the depth and breadth of determined attackers, opportunistic attackers, organizational misconfigurations, and what security researchers are poking for on the internet. You can explore these insights in Rapid7 studies such as The Attacker’s Dictionary and our Quarterly Threat Reports, and see them put into practice with groundbreaking Attacker-Based Analytics in our InsightIDR product.

 

How It Works

Project Heisenberg

The Lorelei honeypot framework is a modern take on the seminal attacker detection tool: each Lorelei node is a lightweight, configurable agent that is centrally deployed using well-tested tools and controlled from a central administration portal. Virtually any honeypot code can be deployed to Lorelei agents, and all agents send back full packet captures for post-interaction analysis. Currently, we have deployed over 150 honeypots worldwide, across 5 continents.

All interaction and packet capture data is synchronized to a central collector, and all real-time logs are fed directly into Rapid7 products for live monitoring and historical data mining. When an unsolicited connection attempt is made to one of our honeypots, it often calls for further analysis.
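To make the low-interaction idea above concrete, here is an added sketch (not Rapid7's honeypot code) of a listener that offers no real service, never replies, and turns every unsolicited connection into one telemetry record for a collector. The function names, the JSON-lines record format and port 2323 are assumptions chosen for illustration.

```python
import hashlib
import json
import socket
import time

MAX_BYTES = 4096      # cap on how much of the client's first payload is kept
READ_TIMEOUT = 3.0    # seconds to wait for the client to speak first


def capture_event(conn, peer, dst_port):
    """Read what the client sends first, send nothing back, return one record."""
    conn.settimeout(READ_TIMEOUT)
    try:
        data = conn.recv(MAX_BYTES)
    except OSError:
        data = b""    # silent, timed-out or reset connections are still recorded
    finally:
        conn.close()
    # Escape non-printable bytes so the preview is safe to store and display.
    preview = data[:64].decode("latin-1").encode("unicode_escape").decode("ascii")
    return {
        "ts": time.time(),
        "src_ip": peer[0],
        "src_port": peer[1],
        "dst_port": dst_port,
        "bytes": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        "preview": preview,
    }


def serve(port, sink, host="0.0.0.0"):
    """Accept connections forever; write one JSON line per connection to sink."""
    with socket.create_server((host, port)) as listener:
        while True:
            conn, peer = listener.accept()
            sink.write(json.dumps(capture_event(conn, peer, port)) + "\n")
            sink.flush()


if __name__ == "__main__":
    import sys
    serve(2323, sys.stdout)   # 2323 is an arbitrary example port
```

Because nothing legitimate should ever connect to such a listener, every record is worth review; the payload hash lets a collector group identical probes seen across many nodes.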

 

Lorelei Honeypot Technology

Ready to see this research put into practice? Explore intruder traps and Attacker-Based Analytics with a free trial of InsightIDR.

Work With Us

The path to a more secure world starts with sharing knowledge. Contact our researchers to get involved.
