Plugins Enterprise
Plugins are background detection features that run alongside emulated services on a Trapster. They do not listen on a service port the way HTTP or SSH does. Instead, they watch for or participate in network activity that indicates reconnaissance or poisoning attacks.
Trapster Enterprise ships with two plugins:
| Plugin | Detects | VM required |
|---|---|---|
| Port scan detection | Hosts probing many ports on the Trapster | Yes |
| LLMNR detection | LLMNR name resolution and poisoning-style activity | No (Windows templates recommended) |
Plugins are not available in Community Edition.
Enable or disable a plugin
- Open Trapsters and select a device
- Go to the Settings tab
- Under Plugins, toggle to activate or deactivate your desired plugin
Changes apply to that Trapster only. If a plugin is greyed out with "not available for this device platform", the plugin cannot be installed on your specific device.
Whitelist noisy scanners
Internal vulnerability scanners can trigger port scan incidents. Add their IPs under Whitelist IPs on the same Settings tab before enabling port scan detection in scanned segments.
Default on new VM Trapsters
When you Accept a pending VM Trapster, Trapster applies the default Windows Server 2022 service template and enables port scan detection automatically. Some predefined templates activate either port scans or LLMNR detection;
Incidents and alerting
Plugin triggers appear on the Incidents page like any other detection. Port scan incidents are typically High severity. Forward them through your usual alerting channels (Integrations, syslog, webhooks).
