-
Notifications
You must be signed in to change notification settings - Fork 0
ERDiagram
The ER Diagram (Entity Relationship Diagram) represents the database structure of the WISETrap honeypot system and illustrates the relationships between entities used for logging, monitoring, and alert management.
This diagram defines how attack information is stored and linked within the system database.
WISETrap is a deception-based credential honeypot designed to detect unauthorized access attempts through exposed trap resources such as:
https://honeypot.wise.local/login.txt
When suspicious activity occurs, the system stores request information, generates alerts, and allows administrators to monitor attacker behavior in real time.
The ER Diagram describes the database entities responsible for managing:
- Attack logs
- Trap endpoints
- Alerts
- Administrators
- Attacker information
Stores information about detected attackers or bots interacting with the honeypot system.
- attacker_id (Primary Key)
- ip_address
- user_agent
- first_seen
- last_seen
- country
- is_bot
Tracks attacker identity and repeated interactions with the system.
Stores detailed request and attack information generated during suspicious activity.
- log_id (Primary Key)
- attacker_id (Foreign Key)
- endpoint_id (Foreign Key)
- requested_url
- timestamp
- http_method
- status_code
- request_data
- response_data
Records all suspicious requests and connects them to attackers and trap endpoints.
Stores information about honeypot trap files and monitored endpoints.
- endpoint_id (Primary Key)
- endpoint_name
- endpoint_url
- description
- is_active
- created_at
/login.txt
Defines trap resources monitored by the honeypot system.
Stores alert information generated after suspicious activity is detected.
- alert_id (Primary Key)
- log_id (Foreign Key)
- alert_type
- email_sent
- sent_at
- read_at
- status
Tracks alert notifications sent to administrators.
Stores administrator account information.
- admin_id (Primary Key)
- name
- password_hash
- created_at
- is_active
Allows administrators to monitor and manage the honeypot system.
Relationship:
- One attacker can generate multiple attack logs.
- Each attack log belongs to one attacker.
Relationship Type: One-to-Many (1:N)
Relationship:
- One trap endpoint can appear in multiple attack logs.
- Each attack log references one trap endpoint.
Relationship Type: One-to-Many (1:N)
Relationship:
- One attack log can generate one alert.
- Each alert belongs to one attack log.
Relationship Type: One-to-One (1:1)
Relationship:
- Administrators receive generated alerts.
- Alerts are associated with administrator monitoring activities.
Relationship Type: Monitoring / Notification Relationship
- Attacker accesses a trap endpoint
- The system records request information
- Attack data is stored inside AttackLogs
- Alert records are generated
- Administrators receive notifications and monitor activity

The purpose of the ER Diagram is to define the database structure used by the WISETrap honeypot system and demonstrate how attacker activity, trap endpoints, alerts, and administrators are connected through relational database design.
- Each attacker may generate multiple attack records.
- Each suspicious request is linked to a monitored trap endpoint.
- Alerts are automatically generated after suspicious activity.
- The database is designed for monitoring and analysis purposes.
- All entities are directly aligned with the WISETrap system workflow and diagrams.