Attivo Botsink

Network-based Threat Deception for Post-Compromise Threat Detection.

Deception & Breach Simulation · Attivo Botsink

Configuration parameters

  • server — Botsink name or address (required)
  • credentials — BOTsink API credentials (required)
  • insecure — Trust any certificate (not secure)
  • fetch_severity — Minimum severity when fetching events; "Very High", "High", "Medium" (required)
  • isFetch — Fetch incidents
  • incidentType — Incident type
  • first_fetch — Number of days to go back for the initial fetch. Use "0" to only retrieve new incidents. (required)

Commands (8)

  • attivo-check-host

    Checks whether a host is deceptive.

  • attivo-check-user

    Checks whether a user is deceptive.

  • attivo-deploy-decoy

    Deploys a new network decoy.

  • attivo-get-events

    Retrieves events for a specified source IP.

  • attivo-list-hosts

    List information about network decoys.

  • attivo-list-playbooks

    List information about playbooks configured on the Attivo device.

  • attivo-list-users

    List all deceptive users.

  • attivo-run-playbook

    Runs a prebuilt playbook on the BOTsink appliance.