Zeek on Joshua's Notebook

HoneyPi: A Sample AI-Generated Threat Report

Thu, 18 Jun 2026 00:00:00 +0000

I wanted to post a sample of the AI-Generated reporting that I was able to achieve with only a little bit of tweaking to the prompts in the base script. The value add here for someone in my position with limited time and resources is incredible. My next implementation of this, will be internal focused on that Security Onion stack and the report will be directed at what I need to address daily on my internal assets.

HoneyPi Part 5: Combining the Streams on the Mac

Tue, 16 Jun 2026 09:00:00 -0500

In the previous post I got two of the three streams live on the Pi: Cowrie and Suricata, both shipping to Loki through Alloy with a shared src_ip key. This post covers the Mac side, which is where the third stream comes in and where the whole correlation idea stops being a diagram and starts being something you can actually query. By the end of it, one attacker IP lights up across all three tools at once, and any single network flow can be matched between Suricata and Zeek deterministically rather than by eyeballing timestamps.

HoneyPi Part 3: Enrichment Planning

Sat, 13 Jun 2026 00:00:00 +0000

Now we get into the part of the project that I have little to no experience in. While I have used the tools, I don’t have years of working knowledge and I have certainly never combined them in this way in an attempt to build a narrative around an attack. Thus enter my good buddy Claude to fill in the gaps.

I knew what I wanted, but not how to get there. I have been in school with SANS for some time now and while I have learned an absolute ton, I don’t claim myself to be an expert in anything. Since this is my first experience setting up a honeypot like this, I started reading about different ways to parse the data… and man there are a lot of them. I decided that while I could follow a write up of someone that had come before me to the letter and have a working solution in no time, I would probably learn more by explaining what I wanted to AI and having it coach me through the process.