Feeds
Turn a HoneyLabs search into something you actually consume. Two outputs from the same saved query.
Worked example
You run a public Postgres on port 5432 and want to know what IPs are probing it from DigitalOcean. You save this query as a watchlist named do-postgres-probes:
asn:14061 AND port:5432
Output 1: daily email
Every day at the same time we re-run the query and email you the matches. Skip the digest if no IPs hit.
Output 2: machine-readable URL
Mint one or more token-gated URLs that always return the current matches. Point fail2ban, your firewall, Pi-hole, SIEM, or any cron at it.
*/5 * * * * curl -fsS \ 'https://honeylabs.net/feed/<token>' \ > /etc/fail2ban/blocklist.txt
Tokens are revocable. You can mint a separate one per consumer (one for prod, one for staging) so you can see who is actually fetching, and cut a leaked URL without losing the other.
Your watchlists
Save any search query as a watchlist. Optionally schedule an email digest. Mint one or more token-gated URLs for firewalls or SIEM cron jobs to pull directly.
Loading…