Deceive, Detect, Engage

Azure Logic App Honeypot

Deploy a non-functional Azure Logic App that mimics a critical workflow. Monitor any attempts to trigger or interact with this app to detect reconnaissance or attempts to disrupt business processes.

Engage Goals: EGO0001 Expose

Engage Approach: EAP0002 Detect

Engage Actions: EAC0015 Information Manipulation, EAC0018 Security Controls

Name of Element: Azure Logic App Honeypot

Description of Element:

Deploy a non-functional Azure Logic App that mimics a critical workflow. Monitor any attempts to trigger or interact with this app to detect reconnaissance or attempts to disrupt business processes.

Technical Context:

Placement: Within a resource group that hosts other production logic apps.

Requires familiarity with Azure Logic Apps and their integration with other Azure services.

Other:

Att&ck/Engage Mapping: T1082 System Information Discovery, E1506 Decoy System

Azure Logic App Honeypot

Leave a Reply Cancel reply

ORION Detlab: Forging Resilient Detections in the HEFAISTOS Ecosystem

The Maieutic Engine: Birth of a New Detection Engineering Paradigm

The Forge, The Guide, and The Hunter: Unifying Detection Engineering with the Mythological Triad of HEFAISTOS, KEDALION, and ORION

Dendrite: Bridging the Synaptic Gap Between External Intelligence and Internal Defense