Attivo Botsink
Network-based Threat Deception for Post-Compromise Threat Detection.
Deception & Breach Simulation · Attivo Botsink
Configuration parameters
server— Botsink name or address (required)credentials— BOTsink API credentials (required)insecure— Trust any certificate (not secure)fetch_severity— Minimum severity when fetching events; "Very High", "High", "Medium" (required)isFetch— Fetch incidentsincidentType— Incident typefirst_fetch— Number of days to go back for the initial fetch. Use "0" to only retrieve new incidents. (required)
Commands (8)
-
attivo-check-hostChecks whether a host is deceptive.
-
attivo-check-userChecks whether a user is deceptive.
-
attivo-deploy-decoyDeploys a new network decoy.
-
attivo-get-eventsRetrieves events for a specified source IP.
-
attivo-list-hostsList information about network decoys.
-
attivo-list-playbooksList information about playbooks configured on the Attivo device.
-
attivo-list-usersList all deceptive users.
-
attivo-run-playbookRuns a prebuilt playbook on the BOTsink appliance.