Honeypot Events
Events from our honeypots and yours are what drive SentryPeer — they are the basic building blocks of all SentryPeer data. We'll look at how to send event messages.
You can only submit honeypot events to SentryPeer if you are on the Contributor Plan. Only you can query your own events and they do not form part of the SentryPeer data set, so there is no risk of poisoning our data. It's also much easier to run an official SentryPeer node.
The event model
The event model contains all the information about a SIP probe that a honeypot detects. You can see a full example in the SentryPeer node docs. It is a JSON object with the following properties:
Properties
- app_name (string): The name of the application that sent the event.
- app_version (string): The version of the application that sent the event.
- event_timestamp (string): The timestamp of the event.
- event_uuid (string): The UUID of the event. This is validated as a unique identifier and valid UUID.
- created_by_node_id (string): The UUID of the node that created the event.
- collected_method (string): The method used to collect the event. Either responsive or passive.
- transport_type (string): The transport type of the event. UDP, TCP or TLS.
- source_ip (string): The source IP address of the event. This is the IP address of the attacker.
- destination_ip (string): The destination IP address of the event. This is the IP address of the honeypot.
- called_number (string): The phone number of the SIP event. This is the number the attacker is trying to call.
- sip_method (string): The SIP method of the event. For example, INVITE, REGISTER, OPTIONS, etc.
- sip_user_agent (string): The SIP User Agent of the event. For example, Avaya, Asterisk, etc.
- sip_message (string): The full SIP message of the event.
Send a honeypot event
This endpoint allows you to send your own honeypot events to SentryPeer.
Required attributes
As per the event model above.
Request
curl https://sentrypeer.com/api/events \
  -H "Authorization: Bearer {token}" \
  -H "Content-Type: application/json" \
  -d '{
    "app_name": "sentrypeer",
    "app_version": "v3.0.0",
    "event_timestamp": "2022-02-22 11:19:15.848934346",
    "event_uuid": "4503cc92-26cb-4b3e-bb33-69a83fa09321",
    "created_by_node_id": "4503cc92-26cb-4b3e-bb33-69a83fa09321",
    "collected_method": "responsive",
    "transport_type": "UDP",
    "source_ip": "45.134.144.128",
    "destination_ip": "XX.XX.XX.XX",
    "called_number": "0046812118532",
    "sip_method": "OPTIONS",
    "sip_user_agent": "friendly-scanner",
    "sip_message": "full SIP message"
  }'
Response 201 Created
{
  "message": "Thanks for using SentryPeer!"
}
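A pre-submission check for the event model above, written in Python as an added example (not SentryPeer's own code): it validates an event against the documented properties and builds the POST without sending it. The function names and the local UUID and IP parsing are assumptions; the API may validate differently.

```python
import ipaddress
import json
import urllib.request
import uuid

API_URL = "https://sentrypeer.com/api/events"  # endpoint from the request above
# The thirteen string properties of the event model.
FIELDS = ("app_name", "app_version", "event_timestamp", "event_uuid",
          "created_by_node_id", "collected_method", "transport_type",
          "source_ip", "destination_ip", "called_number", "sip_method",
          "sip_user_agent", "sip_message")
# Allowed values as listed in the property descriptions.
ENUMS = {"collected_method": {"responsive", "passive"},
         "transport_type": {"UDP", "TCP", "TLS"}}
# Assumption: parsing these locally approximates whatever the API enforces.
PARSERS = {"event_uuid": uuid.UUID, "created_by_node_id": uuid.UUID,
           "source_ip": ipaddress.ip_address,
           "destination_ip": ipaddress.ip_address}


def validate_event(event):
    """Return a list of problems found locally; an empty list means none."""
    errors = [f"{key}: missing or not a string"
              for key in FIELDS if not isinstance(event.get(key), str)]
    for key, allowed in ENUMS.items():
        if isinstance(event.get(key), str) and event[key] not in allowed:
            errors.append(f"{key}: must be one of {sorted(allowed)}")
    for key, parse in PARSERS.items():
        if isinstance(event.get(key), str):
            try:
                parse(event[key])
            except ValueError:
                errors.append(f"{key}: not a valid {parse.__name__}")
    return errors


def build_request(event, token):
    """Build (without sending) the POST; raise ValueError on a bad event."""
    problems = validate_event(event)
    if problems:
        raise ValueError("; ".join(problems))
    return urllib.request.Request(
        API_URL, data=json.dumps(event).encode("utf-8"), method="POST",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})
```

A redacted placeholder such as "XX.XX.XX.XX" in destination_ip is reported by validate_event, so substitute the honeypot's real address before building the request.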