Community vs Enterprise
Trapster comes in two editions that share the same deception engine. The main differences are in how you deploy and manage them, and what integrations are available.
Throughout this documentation, pages and sections are marked with either Enterprise or Community to indicate which edition they apply to. Some features are available in both.
Feature comparison
| Feature | Community | Enterprise |
|---|---|---|
| Deployment | Docker / Python / systemd | VM, Docker, Kubernetes, cloud, physical appliance |
| Service protocols | 15+ | 15+ |
| HTTP with custom skins | ✅ | ✅ |
| AI-powered HTTP responses | ✅ | ❌ |
| Configuration | Config file | Web dashboard |
| Log format | JSON / file / ECS | JSON / dashboard |
| Incidents & Threat Graph | ❌ | ✅ |
| Alerting (dashboard) | ❌ | ✅ |
| Alerting (email) | ❌ | ✅ |
| Alerting (webhook) | Via API logger | ✅ Teams, Slack, Sekoia, custom |
| Alerting (syslog) | ✅ | ✅ |
| Alerting (SIEM) | Via API logger | ✅ Splunk, Sentinel, Wazuh, Sekoia |
| Breadcrumbs | ❌ | ✅ |
| Honeytokens | ❌ | ✅ |
| Namespaces & SSO | ❌ | ✅ |
| Plugins (LLMNR, port scan) | ❌ | ✅ |
| Role-based access control | ❌ | ✅ |
| REST API | ❌ | ✅ |
| License | AGPL 3.0 | Commercial |
Which edition is right for me?
Choose Community if:
- You want a free, open-source honeypot to quickly add to your environment
- You are comfortable editing a JSON config file
- You want to forward logs to your own SIEM via API logger or file
- You want to contribute to the project
Choose Enterprise if:
- You need centralized management via a web dashboard
- You are a SOC or MSSP managing security for multiple clients or network segments
- You want native SIEM integrations (Splunk, Sentinel, Wazuh, Sekoia)
- You want to plant breadcrumbs on endpoints or deploy honeytoken tripwires
- You need role-based access control, namespaces, and audit logs
- You want visual attack path analysis with the Threat Graph
