Looking for feedback on a student project about honeypots & attack analysis
2026-1-26 17:8:46 Author: www.reddit.com

Hi everyone,

I'm currently working on a cybersecurity student project with my team, and we're trying to get feedback from people who actually work in the field.

Our project is fully open source, and it focuses on helping small security or research teams with limited resources better observe and analyze cyberattacks using honeypots.
(Note: the project is not developed yet — this is an early-stage survey to gather feedback before we start building.)

We noticed that many existing solutions are:

  • hard to configure,

  • difficult to customize,

  • fragmented across multiple tools,

  • cloud-dependent,

  • or complicated to analyze in practice.

So our goal is to build a lightweight, local tool that centralizes everything and makes honeypots easier to use in real conditions.

Concretely, our tool aims to:

  • easily deploy classic honeypots (currently based on Cowrie),

  • deploy an AI-based honeypot developed by us using an open-source local language model,

  • simplify configuration and customization,

  • allow users to choose between classic or AI honeypots,

  • reuse and share configurations across machines,

  • automatically collect all attacker interactions and logs,

  • normalize the data,

  • and display everything in an internal SIEM-like monitoring interface for analysis and visualization.

The main target is small SOC teams, blue teams, or research groups that don't necessarily have the time or resources to assemble and maintain complex toolchains.

Before going further, we'd really like to know:

If you work in blue team / SOC / security research / IT security:

  • Do you currently use honeypots?

  • Would a tool like this be useful in your context?

  • What are your biggest difficulties today?

  • What features would matter most to you?

This is purely a student project, and we're still learning, so we'd really appreciate some kindness and constructive feedback :)

Our goal is to build something that makes sense in real-world environments, not just for academic purposes.

Thanks a lot for your time!


Source: https://www.reddit.com/r/netsecstudents/comments/1qnlzqr/looking_for_feedback_on_a_student_project_about/