So I wanted to do something which has been done many times before and that was to create an SSH honeypot for some threat intelligence collection purposes. The twist to this is that I want to send the results to MISP and I came across a few hicups along the way. Ive previously blogged about Fail2Ban and it got me thinking, what if I added a secondary action to send the resulting banned ip into MISP.
So in my AWS studies I came across a course from edX titled “AWS Developer: Building on AWS”. This is an awesome course that gives you hands on experience with multiple services in AWS. Its structured in such a way where each week will only take a few hours to complete and there are 6 weeks of courses. If I recall as long as you are not “overly testing” your solution (which would have to be significant) you are unlikely to go over the free tier on AWS.