SNMP Honeypot Enterprise Community
The SNMP service emulates an SNMP UDP server. It logs SNMP GET and SET requests, which attackers use to enumerate network devices.
High noise
SNMP is available but tends to generate high volumes of low-fidelity events in most environments. Enable it only if your use case specifically requires it.
Configuration
json
"snmp": [
{
"port": 161
}
]Parameters
| Parameter | Type | Default | Description |
|---|---|---|---|
port | integer | 161 | UDP port |
What gets captured
| Event | Fields |
|---|---|
| Query received | Source IP, community string, OID varbind list, SNMP version |
