In this project, I set up and analyzed a honeypot environment on Microsoft Azure to study real-world attacker behavior.
-
Part 1 – Deployment:
I deployed a T-Pot Honeypot Lab in Azure, configured network security rules, and redirected exposed SSH traffic into the Cowrie honeypot for safe monitoring. -
Part 2 – Analysis:
I collected logs from Cowrie, built a Python-based analyzer to process attacker IPs, credentials, and executed commands, and visualized the findings in a SOC-style dashboard. -
Part 3 – Project Structure & Repo Organization:
I documented the repository structure, clearly separating sensitive raw outputs (analysis_output/, which is.gitignored) from safe demo files (demo/) and T-Pot screenshots (dashboards/).
This ensures the project can be shared publicly while protecting sensitive attacker data, and also provides recruiters/researchers with sanitized examples of the outputs.
The objective was not only to demonstrate how to deploy honeypots in the cloud, but also to practice how a Security Operations Center (SOC) transforms raw logs into actionable security intelligence. This provided hands-on experience in both cloud security architecture and threat analysis.
- Part One: Honeypot Deployment
- Part Two: Honeypot Analysis
- Part Three: Project Structure & Repo Organization
This project is licensed under the MIT License.