
feat: add PumbaLP/cowrie collection (parser & scenario)#1833

Open
PumbaLP wants to merge 8 commits into crowdsecurity:master from PumbaLP:feat/cowrie-precision

Conversation

@PumbaLP PumbaLP commented Jun 23, 2026


Description

This PR introduces the PumbaLP/cowrie collection, which bundles an aggressive detection scenario (cowrie-precision) and a dedicated parser for Cowrie Honeypot (SSH/Telnet) JSON logs.

Unlike standard SSH brute-force detection, this scenario targets automated environment discovery and post-exploitation inside the honeypot. It triggers a leaky bucket overflow immediately upon connection attempts (cowrie-login) or emulated command executions (cowrie-command), routing the offending IP directly to local remediation profiles.

Functional tests and a sample log file with an anonymized private IP have been added under .tests/cowrie-precision/.

Checklist

  • I have read the contributing guide
  • I have tested my changes locally
  • For new parsers or scenarios, tests have been added
  • I have run the hub linter and no issues were reported (see contributing guide)
  • Automated tests are passing
  • AI was used to generate any/all content of this PR
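An added example, not code from this PR or the crowdsecurity hub: a small Python stand-in for the parser-plus-leaky-bucket pipeline the description outlines, run over constructed Cowrie-style JSON lines. The mapping of the cowrie-login and cowrie-command scenarios to Cowrie event ids, the sample lines and the bucket parameters are assumptions; a real CrowdSec scenario is declared in YAML, this only shows the mechanics.

```python
import json
from datetime import datetime

# Constructed Cowrie-style JSON lines (not the PR's sample file). Field names
# eventid/src_ip/input/timestamp follow Cowrie's JSON output; the last line is
# deliberately truncated, as a rotated log can be. IPs are documentation ranges.
SAMPLE_LOG = """\
{"eventid": "cowrie.session.connect", "src_ip": "192.0.2.10", "timestamp": "2026-06-23T10:00:00.000000Z"}
{"eventid": "cowrie.login.failed", "src_ip": "192.0.2.10", "username": "root", "timestamp": "2026-06-23T10:00:01.000000Z"}
{"eventid": "cowrie.command.input", "src_ip": "198.51.100.7", "input": "uname -a", "timestamp": "2026-06-23T10:00:05.000000Z"}
{"eventid": "cowrie.session.closed", "src_ip": "203.0.113.5", "timestamp": "2026-06-23T10:00:09.000000Z"}
{"eventid": "cowrie.login.failed", "src_ip"
"""

# Assumed mapping from the PR's two scenario names to Cowrie event ids.
TRIGGERS = {
    "cowrie-login": {"cowrie.login.failed", "cowrie.login.success"},
    "cowrie-command": {"cowrie.command.input"},
}

def parse_cowrie(lines):
    """Yield (scenario, src_ip, timestamp) for each line that hits a trigger."""
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # never let one bad line stall the whole parser
        eid, ip, ts = ev.get("eventid"), ev.get("src_ip"), ev.get("timestamp")
        if not (eid and ip and ts):
            continue
        when = datetime.fromisoformat(ts.rstrip("Z"))
        for scenario, ids in TRIGGERS.items():
            if eid in ids:
                yield scenario, ip, when

def evaluate(lines, capacity=0, leakspeed=10.0):
    """Leaky bucket per (scenario, src_ip): a hit adds one token, one token
    leaks every `leakspeed` seconds. capacity=0 gives the PR's 'overflow
    immediately' behaviour. Returns overflowed (scenario, ip) pairs in order."""
    level, last_seen, alerts = {}, {}, []
    for scenario, ip, when in parse_cowrie(lines):
        key = (scenario, ip)
        if key in last_seen:  # drain what leaked since the previous hit
            leaked = (when - last_seen[key]).total_seconds() / leakspeed
            level[key] = max(0.0, level[key] - leaked)
        level[key] = level.get(key, 0.0) + 1
        last_seen[key] = when
        if level[key] > capacity and key not in alerts:
            alerts.append(key)
    return alerts
```

With capacity=0 every login attempt or emulated command from a new source overflows on its first event, which is the aggressive behaviour the description claims; raising capacity or lowering leakspeed shows how much noisier-but-slower a conventional brute-force threshold is.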

@PumbaLP PumbaLP changed the title Feat/cowrie-precision feat: add PumbaLP/cowrie-precision scenario for cowrie honeypot Jun 23, 2026
@PumbaLP PumbaLP changed the title feat: add PumbaLP/cowrie-precision scenario for cowrie honeypot feat: add PumbaLP/cowrie collection (parser & scenario) Jun 23, 2026