FAQs
Common Questions about StingBox HoneyPots.
Search, Scroll or Contact us for assistance.

How can I test/trigger HackerCam?
The StingBox HackerCam feature records a hacker's keystrokes and then sends those to you as a follow-up to the initial alert that your StingBox HoneyPot has been probed. To test this feature, you can pretend to be a hacker. A typical network intruder will have run an Nmap scan on your network to identify interesting targets and will see the custom hostname you have given your StingBox and that it has open ports to probe with a password cracker. Both activities will trigger an initial StingBox Alert. The next step would be for the hacker to SSH to the StingBox. They will now know the IP address of the StingBox. You can copy this next step using any SSH program like PuTTY for Windows or...
I’ve received an alert and want to know more about an IP address attacking my StingBox, what should I do?
Go to your Discovered Hosts page from your StingBox dashboard to learn more about hosts on your network (i.e. hostname, manufacturer or a custom name you've given the host in the past).
I have duplicate hosts on my dashboard, why is this happening?
Occasionally an IP address or MAC address will change on your network. In these cases, the host may appear multiple times on your StingBox dashboard.
Do you ship internationally?
Yes, for annual subscriptions only.
I’m getting alerts that StingBox is attacking devices on my network, what is happening?
StingBox has an opt-in feature, which must be enabled manually, that scans for open SMB shares. You've enabled this and StingBox is attempting to authenticate to a share on your network with a blank username and password.
Can I clear my list of hosts?
Please email support@stingbox.com and we can help you do this. Hosts will also automatically drop out of recent hosts in 24 hours.
I’d like to Cancel my subscription, how do I do this?
We'd love to figure out how to make you successful with StingBox. Please email any questions to us at support@stingbox.com. If you just want to cancel, instructions are here: https://www.stingbox.com/cancel
How do I set up my StingBox?
Plug your StingBox into the power outlet and any open port on your network. Create an account and enter the code printed on your StingBox and your subscription code from your purchase. That’s it! More help is available at https://www.stingbox.com/setup/
How do I know if my StingBox is connected?
Your StingBox will appear as connected on your dashboard.
How do I reset my password?
Click “account settings” and then complete the password reset form to reset your password. If you can't access your account, please email support@stingbox.com.
I’d like to resell StingBox, do you have a program?
We work with MSPs, MSSPs, IT professionals, VARs, distributors, and solution providers in a variety of models - please email us at info@stingbox.com to start a conversation. We do not currently work with digital-only drop-shippers.
Where should I plug the StingBox into my network?
Ideal locations include a port directly on your router, a network switch, or an open jack which plugs into your router.
My StingBox is alerting me too often, how do I stop it?
You can change the alert settings from your dashboard. There are three categories of alert: Critical, Important and Informational. Each can be set with its own unique instructions for how and where to send alerts. You can also always disable any alert methods from your dashboard. You may also consider whitelisting specific IP addresses which cause excessive alerts (e.g. known vulnerability scanners).
How do I test my StingBox to make sure it is working?
Open up any web browser on your local network and enter ftp://YOURSTINGBOXIP into the URL bar (example: ftp://192.168.1.29). You can find your STINGBOXIP on your dashboard. This will generate an alert for an attempted FTP scan.
Can I set up alerts on multiple email addresses, phone numbers?
Yes, just enter them on the “manage alerts” page.
Can StingBox really be helping me with such a low cost?
StingBox was designed to be a low-cost solution to a tough problem: detecting if someone is snooping on your network. We are able to maintain low costs because of our Software as a Service model and our low-cost hardware design.
What hardware is running on the StingBox?
We are using a version of the PI Architecture with 512 MB of RAM running an ARM Linux operating system.
How does the StingBox discover hosts on my network?
StingBox performs a ping scan and an arp-scan on the local network to which it is assigned an IP address from a DHCP server. Additionally, custom ranges can be defined through the dashboard.
Is the StingBox safe to have on my network?
Yes, the StingBox is hardened against attacks and does not cause excessive network traffic.
How often does StingBox scan my network for new devices?
Every 5 minutes.
How often are alerts sent out?
Every 10 minutes.
If I have no alerts on my StingBox, am I guaranteed not to have been hacked?
No, StingBox is a honeypot, not a 100% guarantee you have not been hacked. If an attacker stays on a single host on your network, it is likely that StingBox will not detect the attacker (however, we may have detected the attacker when they were trying to compromise that first host). We suggest having endpoint security for the devices on your network in addition to the StingBox.
I’m running other network monitoring software in addition to StingBox, what should I do if I get a scan alert from my StingBox?
StingBox has an optional feature to perform network scanning which may trigger other network monitoring software. You can enable/disable this feature on your dashboard.
I’ve got a new device alert, what should I do?
If you recently connected a device to your network yourself (or someone on your network did), there is nothing to worry about, as it was an expected new device connection. If you can’t figure out what the new device is on your network or why it was installed (e.g. someone you don’t know is using your Wi-Fi connection), you may want to block the device (e.g. on your router).
Does StingBox stop hackers?
No. StingBox HoneyPots are designed to detect network intruders, similar to a building alarm system which does not stop burglars but only detects them. Detection informs and enables response. Improving detection is a critical part of a complete Protection, Detection and Response plan which can stop hackers from winning this battle.
Has StingBox been penetration tested?
No. StingBox HoneyPots are designed to detect network intruders, similar to a building alarm system which does not stop burglars but only detects them. Detection informs and enables response. Improving detection is a critical part of a complete Protection, Detection and Response plan which can stop hackers from winning this battle.
What information does StingBox collect? Where is it Stored?
StingBox collects and stores:
- Attack sessions from attackers (what they typed, how they interacted with the honeypot)
- IP address of your external network interface
- Open ports on your external network interface
- Names and MAC addresses of devices on your network which StingBox discovers with a network scan
This information is sent over an encrypted channel back to StingBox's cloud servers so you can review this information on your dashboard.
Does the StingBox device support Power over Ethernet (PoE)?
No, but we have tested an inexpensive adapter that we can recommend. POE Texas' Adapter can be purchased directly at POETexas.com or from Amazon. Note: It's important to order the Micro USB version. This adapter has also changed connectors since our initial purchase. You may want to consider the UCTronics adapter below. One of two of these POE Texas adapters we tested failed after 9 months. The other is still running since May of 2000. Full disclosure: The adapter failed while powering an alternative StingBox platform we were testing. The platform still works, but the POE doesn't. This isn't a sufficient data set to say for certain that the power supply was the cause of its failure. There...
Does StingBox run in the Cloud? Is there a Virtual Version of StingBox? Do you have an Image file I can use to run stingbox on my own hardware?
Yes, StingBox is available for installation on the cloud or an existing machine. More information on StingBox Virtual can be found here.
Can I White-list / Allow-list an IP so that stingbox does not alert on connections from that IP? How do I whitelist an IP?
To whitelist an IP (for example, from a network vulnerability scanner), first go to your StingBox Dashboard and click on the Add/Manage StingBox section. Next, look for the "WhiteList IP Manager" link at the bottom of the StingBox you want to stop sending alerts when hit by a particular IP. Next, add the IP and name the machine for easier identification.
Can multiple StingBoxes deployed across different companies/locations be centrally monitored by a single organization?
Yes. StingBox's dashboard supports grouping StingBoxes and defining custom alert types and methods for each group.
Does StingBox support export to a SIEM?
Many customers have implemented SIEM integration through a periodic pull from our API (see the StingBox API Documentation). If this method does not work for you, please email us at support@stingbox.com and we can get things set up.
Does StingBox have an API?
Yes. Documentation for StingBox's API is in the StingBox API Documentation.
How can I increase the discover host speed?
StingBox does not support changing the network discovery scanning interval (5 minutes).
I cannot log in to my StingBox account or I am not receiving my MFA SMS.
Please contact us at support@stingbox.com and we can help you authenticate to your account.
Can the StingBox be set up for multiple subnets? Would I have to purchase a separate StingBox and associated subscription for every subnet/VLAN?
StingBox has support for multiple VLANs with a single subscription. Simply specify the IP ranges on your dashboard and the StingBox will do device discovery on all of your VLANs.
If we configure the switch port it’s attached to as a trunk port, so all VLANs can reach it, what functionality would we have?
As long as the StingBox is reachable by attackers, it will perform its honeypot functions. Functionality does not change based on the network configuration. Remember to set your custom network discovery ranges in your dashboard if you do this.
Can one StingBox have multiple IPs?
StingBox Virtual currently does not support multiple network interfaces. If this is a feature you would like, please email support@stingbox.com with the request so we can track demand for this feature.
Do I need to edit the eth0.txt file on the device and add in multiple NICs?
StingBox Virtual currently does not support multiple network interfaces. If this is a feature you would like, please email support@stingbox.com with the request so we can track demand for this feature.
Do I have to put a unit on each VLAN?
No, as long as the StingBox is reachable by attackers, it will perform its honeypot functions. You may choose to deploy multiple StingBoxes on different segments of your network to create more possible points of detection.
Does StingBox scan across VLANs?
StingBox has support for multiple VLANs with a single subscription. Simply specify the IP ranges on your dashboard and the StingBox will do device discovery on all of your VLANs.
How do I set up StingBox to monitor all the VLANs on my network? Do I need to edit the eth0.txt file on the device and add in multiple NICs?
StingBox has support for multiple VLANs with a single subscription. Simply specify the IP ranges on your dashboard and the StingBox will do device discovery on all of your VLANs.
I block outbound connectivity on my network, what do I need to open in order to make StingBox work? What ports and protocols are used for StingBox’s cloud connectivity?
Outbound Connectivity Requirements:
- 8.8.8.8 (DNS)
- checkip.amazonaws.com (HTTPS, external IP address)
- mirrors.ocf.berkeley.edu (Ubuntu updates from US repo)
- stingbox.twocyber.com (HTTPS)
Inbound Requirements:
- None - device is a honeypot and will alert on inbound connection requests
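An added example, not StingBox's own code: a pre-flight check that probes each outbound destination listed above from a machine behind the same egress firewall. The port numbers are assumptions taken from the protocol named beside each entry (the FAQ names none for the Ubuntu mirror, so TCP 80 is assumed), and all function names are hypothetical.

```python
import socket
import struct

# Destinations are the ones listed in the FAQ. Port numbers are assumptions
# taken from the protocol named beside each entry (DNS = UDP 53, HTTPS = TCP 443).
# The FAQ names no protocol for the Ubuntu mirror, so TCP 80 is an assumption.
REQUIREMENTS = [
    ("udp-dns", "8.8.8.8", 53, "DNS"),
    ("tcp", "checkip.amazonaws.com", 443, "external IP lookup"),
    ("tcp", "mirrors.ocf.berkeley.edu", 80, "Ubuntu updates"),
    ("tcp", "stingbox.twocyber.com", 443, "StingBox cloud"),
]

def build_dns_query(name, txid=0x5342):
    """Minimal DNS A-record query: 12-byte header plus one question."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag set
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # type A, class IN

def dns_probe(server, port, timeout=3.0):
    """Send one UDP query; None means a reply carrying our query ID came back."""
    query = build_dns_query("stingbox.twocyber.com")
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            sock.sendto(query, (server, port))
            reply, _ = sock.recvfrom(512)
    except OSError as exc:  # a timeout is an OSError subclass
        return f"no reply ({exc})"
    return None if reply[:2] == query[:2] else "reply ID mismatch"

def tcp_probe(host, port, timeout=3.0):
    """Complete a TCP handshake; None means the path is open."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return None
    except socket.gaierror as exc:
        return f"name resolution failed ({exc})"
    except OSError as exc:
        return f"connect failed ({exc})"

PROBES = {"udp-dns": dns_probe, "tcp": tcp_probe}

def check_egress(requirements=REQUIREMENTS, probes=PROBES):
    """Return [(host, port, purpose, failure_or_None)] for every requirement."""
    return [(host, port, purpose, probes[kind](host, port))
            for kind, host, port, purpose in requirements]

if __name__ == "__main__":
    for host, port, purpose, failure in check_egress():
        print(f"{host}:{port} {purpose}: {'ok' if failure is None else 'BLOCKED, ' + failure}")
```

Run it from the same network segment the StingBox sits on so the same firewall policy applies. A passing TCP probe shows the handshake is allowed, not that a TLS-inspecting proxy leaves the HTTPS session intact.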
Is StingBox a Network Intrusion Prevention System?
No, StingBox is not a NIPS (network intrusion prevention system) - just a honeypot.
Are StingBox & FireWalla Compatible?
Yes, StingBox and FireWalla are compatible. StingBox is a honeypot device while FireWalla is a firewall device.
Static IP Instructions
There are two ways to set a Static IP. If your network uses DHCP to allocate IPs: You can designate a Static IP to be assigned to StingBox using the MAC Address of your StingBox. We record the MAC address of each StingBox during provisioning and testing. You can view your StingBox MAC address on the StingBox Dashboard after adding your StingBox to your dashboard using the Code on the bottom of each StingBox. If your network does not use DHCP: You can assign an IP to StingBox by changing a file named “eth0.txt.unset” on the SD card of your StingBox. This file will only be on your SD card if your StingBox is running software version 1.59 or greater. If you have an older StingBox, you can obtain...
How do I update my payment / credit card info?
You can change your payment details on your Stripe Dashboard Here. If you have a subscription through PayPal, or an invoice based subscription please email support@stingbox.com and we can update your info.
Why do you have a subscription model? I’d like to purchase a StingBox without a Subscription, is that possible?
We only offer StingBox through a subscription. Our subscription model makes StingBox a sustainable business. StingBox is a cloud-delivered subscription service with an optional hardware component. We continually add capabilities and features to StingBox (discovery scanning, open port alerts, HackerCam, etc.) and our dashboard and alerting services. Additionally, we provide extensive support for our customers. Information on DIY honeypots can be found here: https://www.techtarget.com/whatis/feature/How-to-build-a-honeypot-to-increase-network-security
Why isn’t the StingBox detecting some of the devices/hosts on my network?
StingBox does a best-effort scan of your network using ping and arp-scanning approaches every 5 minutes. Please make sure you have waited 5 minutes for the StingBox to scan your network. Your network may be in different segments and, by default, StingBox is only able to scan the segment to which it is connected. You may configure custom discovery scanning ranges on your dashboard.