How to respond to a detection

You've received a Honeypot detection. Let's find out what's happening.


You've received a Honeypot detection. It's essential to take each detection seriously. While it may be an IT engineer performing maintenance on your network, it could also be a hacker or virus exploring your network.

There is no single answer on how to respond to a detection. It depends on the amount of activity and the details available. For example, did you see only a single port scan detection, or were login attempts also detected? Did the detections follow each other rapidly, or is there a consistent interval between them?

Each detection contains an overview with information about the sensor/protocol, possible interaction with an attacker, and recommended steps based on the detection.


Most of the time, the investigation starts with the source IP listed in the detection. Do you expect this kind of behavior from this source? Do you see strange processes running on the source?
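The triage questions above (one port scan or also login attempts, rapid succession or a consistent interval, which source IP) can be answered mechanically once detections are exported. The following is an added example, not Honeypot's own code or export format: the record layout, the kind names `port_scan` and `login_attempt`, and the burst and jitter thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample detections (not real product output): (time, source IP, kind)
SAMPLE = [
    ("2023-01-24T15:00:00", "10.0.0.5", "port_scan"),
    ("2023-01-24T15:10:00", "10.0.0.7", "port_scan"),
    ("2023-01-24T15:10:02", "10.0.0.7", "login_attempt"),
    ("2023-01-24T15:10:03", "10.0.0.7", "login_attempt"),
    ("2023-01-24T15:10:05", "10.0.0.7", "login_attempt"),
    ("2023-01-24T02:00:00", "10.0.0.9", "port_scan"),
    ("2023-01-24T03:00:00", "10.0.0.9", "port_scan"),
    ("2023-01-24T04:00:00", "10.0.0.9", "port_scan"),
    ("2023-01-24T05:00:01", "10.0.0.9", "port_scan"),
]

def timing(times, burst_s=60, jitter=0.1):
    """Label event spacing: single, burst, periodic or irregular (assumed thresholds)."""
    if len(times) < 2:
        return "single"
    ts = sorted(times)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    if max(gaps) <= burst_s:
        return "burst"          # detections rapidly follow each other
    if len(gaps) >= 2 and pstdev(gaps) <= jitter * mean(gaps):
        return "periodic"       # consistent interval, e.g. a scheduled job or scanner
    return "irregular"

def summarize(detections):
    """Group detections per source IP and answer the triage questions for each."""
    by_src = defaultdict(list)
    for ts, src, kind in detections:
        by_src[src].append((datetime.fromisoformat(ts), kind))
    summary = {}
    for src, events in by_src.items():
        kinds = {kind for _, kind in events}
        summary[src] = {
            "count": len(events),
            "kinds": sorted(kinds),
            "timing": timing([t for t, _ in events]),
            "login_seen": "login_attempt" in kinds,
        }
    return summary

if __name__ == "__main__":
    for src, info in sorted(summarize(SAMPLE).items()):
        print(src, info)
```

A source that shows both a scan and login attempts in a burst, or a scan at a fixed interval, gives you a concrete starting point when you check what is running on that host.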

If you get stuck researching a detection, feel free to reach out to us for a few hints to get started.
