Skip to content

Plugins Enterprise

Plugins are background detection features that run alongside emulated services on a Trapster. They do not listen on a service port the way HTTP or SSH does. Instead, they watch for or participate in network activity that indicates reconnaissance or poisoning attacks.

Trapster Enterprise ships with two plugins:

PluginDetectsVM required
Port scan detectionHosts probing many ports on the TrapsterYes
LLMNR detectionLLMNR name resolution and poisoning-style activityNo (Windows templates recommended)

Plugins are not available in Community Edition.

Enable or disable a plugin

  1. Open Trapsters and select a device
  2. Go to the Settings tab
  3. Under Plugins, toggle to activate or deactivate your desired plugin

Changes apply to that Trapster only. If a plugin is greyed out with "not available for this device platform", the plugin cannot be installed on your specific device.

Whitelist noisy scanners

Internal vulnerability scanners can trigger port scan incidents. Add their IPs under Whitelist IPs on the same Settings tab before enabling port scan detection in scanned segments.

Default on new VM Trapsters

When you Accept a pending VM Trapster, Trapster applies the default Windows Server 2022 service template and enables port scan detection automatically. Some predefined templates activate either port scans or LLMNR detection;

Incidents and alerting

Plugin triggers appear on the Incidents page like any other detection. Port scan incidents are typically High severity. Forward them through your usual alerting channels (Integrations, syslog, webhooks).

Next steps