Dark Mode

Home

/

Data Providers

/

MalBeacon Deception.Pro

Data provider MalBeacon Deception.Pro banner image on Opendatabay marketplace
Data provider MalBeacon Deception.Pro logo image on Opendatabay marketplace

deception.pro

MalBeacon Deception.Pro

Verified Icon

Licensed LLM Data Provider

Get In touch with MalBeacon Deception.Pro

Details

Location

6650 Rivers Ave Ste 105 PMB 671991 N. Charleston, SC 29406

Joined

09/03/2026

Response time

Instant

Twitter
malbeacon
LinkedIn
https://www.l...

About

Deception.Pro

Adversary Signals & Network Threat Data

We provide structured threat telemetry from real-world deception infrastructure: endpoint events, network IDS alerts, and raw packet captures from realistic enterprise environments. No synthetic data. No scraping. Ground-truth adversary signals, validated and published continuously. We deploy enterprise-scale decoys, seed them with malware, and observe how threat actors move through a network after initial compromise.

Datasets

EDR Telemetry

Endpoint telemetry from deception hosts exposed to real attacker activity

  • Process creation events (parent/child PID, command-line, hashes)
  • File system and registry events
  • Domain and IP address connections
  • Authentication and account events

Suricata EVE Output

Structured JSON alert and flow logs from Suricata sensors on deception.pro honeypot infrastructure.

  • Rule-matched alerts (SID, name, category, severity)
  • DNS, HTTP, and TLS metadata (JA3/JA3S fingerprints included)
  • Full flow records (bytes, packets, state, duration)
  • PCAP reference IDs for cross-dataset correlation

Packet Captures (PCAPs)

Full and filtered tcpdump captures from deception network taps — real exploitation, scanning, C2, and exfiltration sessions.

  • Indexed by date, sensor, and attack classification
  • SHA-256 integrity hash per file
  • Correlated with Suricata EVE alert IDs
  • Metadata sidecars: duration, interface, filter, packet count
  • Sanitised to remove unintended third-party PII

What We Offer

  • Real adversary data — endpoint, network, and packet-level coverage from live deception infrastructure
  • Near real-time updates — Suricata EVE logs; EDR and PCAP indexes updated daily
  • Cross-dataset correlation — shared keys linking EDR, Suricata, and PCAP records
  • MITRE ATT&CK enrichment — tactic, technique, and sub-technique labels out of the box
  • Integrity guarantees — automated schema validation, referential integrity checks, and SHA-256 hashes before every release
  • Custom requests — need a specific capture or attack category? Just ask

All data originates from infrastructure we operate.

Want a Dataset Added?

We are open to crafting a custom solution.

In the news:

BleepingComputer Deception.Pro Blog

Statistics

Data Products

1

Total Downloads

0

Total Dataset Views

38

DATA PRODUCTS

Explore data collections and datasets from MalBeacon Deception.Pro