Skip to content

Community vs Enterprise

Trapster comes in two editions that share the same deception engine. The main differences are in how you deploy and manage them, and what integrations are available.

Throughout this documentation, pages and sections are marked with either Enterprise or Community to indicate which edition they apply to. Some features are available in both.

Feature comparison

FeatureCommunityEnterprise
DeploymentDocker / Python / systemdVM, Docker, Kubernetes, cloud, physical appliance
Service protocols15+15+
HTTP with custom skins
AI-powered HTTP responses
ConfigurationConfig fileWeb dashboard
Log formatJSON / file / ECSJSON / dashboard
Incidents & Threat Graph
Alerting (dashboard)
Alerting (email)
Alerting (webhook)Via API logger✅ Teams, Slack, Sekoia, custom
Alerting (syslog)
Alerting (SIEM)Via API logger✅ Splunk, Sentinel, Wazuh, Sekoia
Breadcrumbs
Honeytokens
Namespaces & SSO
Plugins (LLMNR, port scan)
Role-based access control
REST API
LicenseAGPL 3.0Commercial

Which edition is right for me?

Choose Community if:

  • You want a free, open-source honeypot to quickly add to your environment
  • You are comfortable editing a JSON config file
  • You want to forward logs to your own SIEM via API logger or file
  • You want to contribute to the project

Choose Enterprise if:

  • You need centralized management via a web dashboard
  • You are a SOC or MSSP managing security for multiple clients or network segments
  • You want native SIEM integrations (Splunk, Sentinel, Wazuh, Sekoia)
  • You want to plant breadcrumbs on endpoints or deploy honeytoken tripwires
  • You need role-based access control, namespaces, and audit logs
  • You want visual attack path analysis with the Threat Graph

Resources