Deaths Pirate DeathsPirate

### Keybase proof
I hereby claim:
* I am DeathsPirate on github.
* I am deathspirate (https://keybase.io/deathspirate) on keybase.
* I have a public key whose fingerprint is BC39 34A0 DF78 5A3C EBA7 4147 C6A2 41E9 D5FB 9C24
To claim this, I am signing this object:

{
  "args": "http://157.52.151.215/s443ls",
  "user": "root",
  "datetime": "2019-03-01 12:29:29:276538",
  "type": "spyusers",
  "processInfo": 7960,
  "containerName": "honeypot-157.52.151.215",
  "containerId": "e6a625ff7a00",
  "srcaddr": "157.52.151.215",
  "baseCommand": "wget",

{
  "args": "http://157.52.151.215/s443ls",
  "user": "root",
  "datetime": "2019-03-01 12:29:29:276538",
  "type": "spyusers",
  "processInfo": 7960,
  "containerName": "honeypot-157.52.151.215",
  "containerId": "e6a625ff7a00",
  "command": "wget"
}

name: furnace-honey
platform:
  aws: {defaultBatchSize: 10}
state:
  repo: 'https://github.com/{YourGitAccount}/{YourStackStateRepo}'
environments:
  - dev
  - staging
  - prod

- name: honeylogs
  type: KinesisStream
  initialize: false
  aws:
    shardCount: 1

- name: honeylogs-tap
  module: honeytap
  source: honeylogs
  aws:
    shardCount: 1

async def processEvent(event):
    # Do event processing here ...
    return event

- name: enrichment
  modules:
    - name: lookup-geo
    - name: honeyenrich

- tap: honeylogs-tap
  pipeline: enrichment
- pipeline: enrichment
  sink: es-sink

- name: es-sink
  type: AwsFirehose
  resource: es
  aws:
    destination: elasticsearch
    elasticsearchConfiguration:
      indexName: hpevents
      typeName: hpevent