Open-source deception technology platform for detecting network intrusions.
Open-source deception technology platform for detecting network intrusions.
The Entire Cybersecurity Market, One Prompt Away
Connect your AI assistant to ... tools and ... vendors. Ask anything about the cybersecurity market.
HoneyWire is an open-source deception technology platform designed to detect unauthorized lateral movement within internal networks. The platform allows users to deploy "HoneyWires" on any Linux machine, turning it into a canary that mimics legitimate assets or just has passive tripwires such as router login pages, TCP tarpits, and network scan detectors. The core architecture consists of two components: - HoneyWire Hub: A self-hosted, centralized dashboard and API (built in Go) that manages the fleet of deployed HoneyWires, handles configuration, and routes alerts to external integrations such as SIEMs, Slack, and mobile notifications. It is distributed as a Docker container. - HoneyWire CLI Wizard: A command-line tool that automates deployment and reconciles edge infrastructure against Hub configurations with zero footprint. When a deployed HoneyWire is accessed, which has no legitimate reason to occur, it immediately fires a high-fidelity alert to the Hub, which then forwards the event to configured integrations. This approach eliminates false positives inherent in traditional log-based detection methods. HoneyWire targets both individual operators and enterprise environments. An enterprise beta program is in development, with planned features including SAML/SSO integration, role-based access control, a cloud-hosted Hub, native SIEM forwarding (Splunk, CrowdStrike, Datadog), audit logs, and automated compliance reporting for SOC 2, ISO 27001, and HIPAA. The project is open-source and self-hosted by default, with an enterprise tier under development for large-scale deployments across multiple subnets requiring compliance and access control features.