You've received a honeypot detection. It's essential to take each detection seriously: it may be an IT engineer performing maintenance on your network, but it could also be an attacker or malware exploring your network.
There is no single answer on how to respond to a detection. It depends on the amount of activity and the details available. For example, did you see only a single port scan detection, or were login attempts detected as well? Did the detections rapidly follow each other, or is there a consistent interval between them?
Each detection contains an overview with information about the sensor/protocol, possible interaction with an attacker, and recommended steps based on the detection.
Most of the time, the investigation starts with the source IP listed on the detection. Do you expect this kind of behavior from that source? Do you see unfamiliar processes running on it?
Please feel free to reach out to us for a few hints to get started if you're stuck researching a detection.
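The questions above (how many detections, scan only or also login attempts, burst or regular interval, and which source IP is behind them) can be turned into a small triage script. The following is an added example, not code or an export format from the honeypot product described on this page: the detection lines, their `timestamp source kind detail` layout, the thresholds, and the priority labels are all assumptions chosen for illustration.

```python
"""Triage honeypot detections per source IP by volume, protocol mix and timing.

Added example; the line format and thresholds below are assumptions, not the
honeypot's real export format.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample detections: one burst from 10.0.0.5 that moves from a
# port scan to SSH login attempts, an hourly scan from 10.0.0.9, and a single
# scan from 10.0.0.77.
SAMPLE_DETECTIONS = """\
2024-03-01T09:00:00 10.0.0.5 port_scan tcp/22
2024-03-01T09:00:00 10.0.0.5 port_scan tcp/445
2024-03-01T09:00:01 10.0.0.5 login_attempt ssh
2024-03-01T09:00:01 10.0.0.5 login_attempt ssh
2024-03-01T09:00:02 10.0.0.5 login_attempt ssh
2024-03-01T02:00:00 10.0.0.9 port_scan tcp/80
2024-03-01T03:00:00 10.0.0.9 port_scan tcp/80
2024-03-01T04:00:00 10.0.0.9 port_scan tcp/80
2024-03-01T12:34:56 10.0.0.77 port_scan tcp/443
"""


def parse_detections(text):
    """Parse 'timestamp source kind detail' lines into event dicts."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, kind, detail = line.split(maxsplit=3)
        events.append({"ts": datetime.fromisoformat(ts), "src": src,
                       "kind": kind, "detail": detail})
    return events


def timing_pattern(timestamps, burst_seconds=5.0, jitter_ratio=0.1):
    """Classify the spacing between consecutive detections from one source.

    'burst'   : every gap is at most burst_seconds (automated tool, one run)
    'regular' : three or more events with near-constant gaps (scheduled scanner)
    'single'  : only one detection, nothing to compare
    """
    if len(timestamps) < 2:
        return "single"
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    if max(gaps) <= burst_seconds:
        return "burst"
    # Two events give one gap, whose deviation is trivially zero; require at
    # least two gaps before calling the interval consistent.
    if len(gaps) >= 2 and pstdev(gaps) <= jitter_ratio * mean(gaps):
        return "regular"
    return "irregular"


def triage(events):
    """Group detections by source IP and assign a starting priority."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    report = {}
    for src, evs in by_src.items():
        kinds = sorted({e["kind"] for e in evs})
        pattern = timing_pattern([e["ts"] for e in evs])
        if "login_attempt" in kinds:
            priority = "high"      # interaction beyond scanning
        elif pattern in ("burst", "regular"):
            priority = "medium"    # repeated, automated-looking activity
        else:
            priority = "low"       # single or irregular scan: check the source first
        report[src] = {"count": len(evs), "kinds": kinds,
                       "pattern": pattern, "priority": priority}
    return report


if __name__ == "__main__":
    for src, info in sorted(triage(parse_detections(SAMPLE_DETECTIONS)).items(),
                            key=lambda kv: kv[1]["priority"]):
        print(f"{src:12} {info['priority']:6} {info['count']:3} events "
              f"{info['pattern']:9} {', '.join(info['kinds'])}")
```

The priority is only a starting point for the question the page asks next: whether the source is a host you expect this behavior from. A "medium" hourly scanner that turns out to be your own vulnerability scanner can be closed; a "low" single scan from an unknown internal host still deserves a look at what is running on it.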