From ea270aeb52d027d121cb336dc218f1e3d8685a87 Mon Sep 17 00:00:00 2001
From: Artem Besedin
Date: Mon, 9 Sep 2019 20:14:46 +0300
Subject: [PATCH] Resolve incorrect protocol extraction if Cowrie was customized as Telnet Honeypot
---
 hpfeedslogger/processors.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hpfeedslogger/processors.py b/hpfeedslogger/processors.py
index c5b8a97..714a32e 100644
--- a/hpfeedslogger/processors.py
+++ b/hpfeedslogger/processors.py
@@ -294,7 +294,7 @@ def kippo_cowrie_sessions(identifier, payload, name, channel):
 direction='inbound',
 ids_type='network',
 severity='high',
- signature='SSH session on {} honeypot'.format(name_lower),
+ signature='{} session on {} honeypot'.format(dec.protocol, name_lower),
 ssh_version=dec.version
 )
@@ -303,7 +303,7 @@ def kippo_cowrie_sessions(identifier, payload, name, channel):
 if dec.credentials:
 for username, password in dec.credentials:
 msg = dict(base_message)
- msg['signature'] = 'SSH login attempted on {} honeypot'.format(name_lower)
+ msg['signature'] = '{} login attempted on {} honeypot'.format(dec.protocol, name_lower)
 msg['ssh_username'] = username
 msg['ssh_password'] = password
 messages.append(msg)
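Review bot: `dec.protocol` is formatted into the signature with no fallback or normalisation, so a session record without a protocol would produce `None session on ... honeypot`. If the decoder reports the protocol in a different case, any downstream rule matching the old literal `SSH session on` would also stop firing. Since the function name suggests it handles Kippo payloads too, consider normalising once before `base_message` is built, e.g. `protocol = (dec.protocol or 'SSH').upper()`, and using `protocol` here and in the login signature in the second hunk. kippo_cowrie_sessions starts and ends outside this hunk, so it is not visible whether the decoder already guarantees a value.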
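Review bot: The `ssh_username` and `ssh_password` keys after the changed line, and `ssh_version` in the first hunk, now also carry Telnet data, which the key names no longer convey. If the names have to stay for consumer compatibility, a comment above the assignments would help, e.g. `# ssh_* keys are kept for compatibility; for Telnet sessions they hold the Telnet credentials`. The loop sits inside kippo_cowrie_sessions, whose body continues outside the hunk.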