Tracebit

Commercial
Tracebit is a security canary deployment and management platform that helps organizations detect potential intrusions across cloud infrastructure, identity systems, and endpoints.

The platform operates by:

- Analyzing cloud environments through read-only connections to profile existing resources
- Generating and recommending contextually appropriate security canaries based on environment analysis
- Deploying canaries through infrastructure-as-code modules
- Continuously evolving canary configurations to maintain effectiveness

Key capabilities include:

- Cloud resource monitoring across AWS and Azure environments
- Integration with common security tools and SIEM platforms
- Automated canary deployment and maintenance
- Support for multiple resource types including S3 buckets, DynamoDB tables, Secrets Manager, SSM Parameters, IAM roles, and GitHub Actions
- Infrastructure-as-code deployment using Terraform
- Alert generation with contextual information for incident response

The system focuses on implementing an "assume breach" approach by distributing deceptive resources that can identify unauthorized access attempts and lateral movement within cloud environments.

ALTERNATIVES

Apache 2-based honeypot for detecting and blocking the Struts CVE-2017-5638 exploit, with added support for the content disposition filename parsing vulnerability.

Repository of plugins for the Honeycomb honeypot framework

An Open-source intelligence (OSINT) honeypot that monitors reconnaissance attempts by threat actors and generates actionable intelligence for Blue Teamers.

High-interaction SSH honeypot for logging SSH proxy with ongoing development.

A low-interaction SSH honeypot tool for recording authentication attempts.

A highly interactive honeypot for observing access from attackers by building easily targeted and compromised web applications, forwarding logs to Google BigQuery for accumulation and visualization.

A honeypot for malware that spreads via USB storage devices, detecting infections without further information.

Honeypot for Telnet service with configurable settings.