Recycling Script

lhmerino edited this page Jul 30, 2019 · 7 revisions

Objective

Resetting the honeypot to a clean state after a compromise

Expectations

Destroy and re-create the honeypot while taking into consideration all of the other components of the Honeypot Architecture. Only the items under "Necessary baseline items" are required, but suggested optional items are also given that may be necessary depending on your research question.

Resources

Necessary baseline items:

  • Destroy and re-create the container
  • Re-configure the container's network interfaces
  • Re-institute safeguards for the container
  • Continue data collection
    • A restart of the data collection software may be required (e.g. MITM)
  • Continue monitoring the status of the honeypot (Health Logs)

Suggested optional items:

  • Block the attacker who previously compromised the honeypot from accessing your honeypots again.
  • Block additional attackers from accessing a compromised honeypot.
  • Place files and/or software (e.g. honey) inside the honeypot
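
A dry-run-capable sketch of a recycling script that walks through the baseline items and the first optional item above, in order; it is an added example, not the course's or this wiki's own script. It assumes LXC containers, per-honeypot iptables chains named HP_<name> already hooked into nat PREROUTING and filter FORWARD, an ipset named hp_blocked matched by a DROP rule, and a systemd unit mitm@<name>; all of these names, the rate-limit policy and the /24 on eth0 are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not the course's script. Assumed/hypothetical: LXC, chains
# HP_<name> hooked into nat PREROUTING and filter FORWARD, ipset hp_blocked
# matched by a DROP rule, systemd unit mitm@<name>, a /24 on eth0.
DRY_RUN="${DRY_RUN:-1}"                       # 1 = print the plan, 0 = execute
HEALTH_LOG="${HEALTH_LOG:-/tmp/honeypot_health.log}"

run() { echo "+ $*"; if [ "$DRY_RUN" = 0 ]; then "$@"; fi; }

valid_ipv4() {                                # strict dotted-quad check
  case "$1" in ""|*[!0-9.]*|*.) return 1;; esac
  local o IFS=.
  set -- $1
  [ $# -eq 4 ] || return 1
  for o in "$@"; do [ -n "$o" ] && [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1; done
}

recycle() {  # usage: recycle NAME PUBLIC_IP CONTAINER_IP [ATTACKER_IP]
  local name="$1" pub="$2" cip="$3" attacker="${4:-}" chain="HP_$1"
  case "$name" in ""|*[!A-Za-z0-9_-]*) echo "bad name" >&2; return 2;; esac
  valid_ipv4 "$pub" && valid_ipv4 "$cip" || { echo "bad IP" >&2; return 2; }
  if [ -n "$attacker" ]; then   # optional item: block the previous intruder
    valid_ipv4 "$attacker" || { echo "bad attacker IP" >&2; return 2; }
    run ipset add hp_blocked "$attacker" -exist || return 1
  fi
  # 1. Destroy and re-create the container (stop/destroy may fail if absent)
  run lxc-stop -n "$name" -k || true
  run lxc-destroy -n "$name" || true
  run lxc-create -n "$name" -t download -- -d ubuntu -r jammy -a amd64 || return 1
  run lxc-start -n "$name" || return 1
  run lxc-wait -n "$name" -s RUNNING || return 1
  # 2. Network: address the interface, then rebuild the public -> container NAT
  run lxc-attach -n "$name" -- ip addr add "$cip/24" dev eth0 || return 1
  run iptables -t nat -F "$chain" || return 1
  run iptables -t nat -A "$chain" -d "$pub" -j DNAT --to-destination "$cip" || return 1
  # 3. Safeguards (assumed policy): rate-limit new outbound TCP connections
  run iptables -F "$chain" || return 1
  run iptables -A "$chain" -s "$cip" -p tcp --syn -m limit --limit 10/minute -j ACCEPT || return 1
  run iptables -A "$chain" -s "$cip" -p tcp --syn -j DROP || return 1
  # 4. Data collection: restart the MITM so it attaches to the new container
  run systemctl restart "mitm@$name" || return 1
  # 5. Health log: record the recycle so status monitoring sees it
  echo "$(date -u +%FT%TZ) $name recycled dry_run=$DRY_RUN" >> "$HEALTH_LOG"
}

if [ "${1:-}" = "--run" ]; then shift; recycle "$@"; fi
```

With the default DRY_RUN=1 the script only prints the ordered plan for review; setting DRY_RUN=0 and passing --run on the honeypot host executes it.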