Frequently Asked Questions
Beelzebub uses Large Language Models (LLM) to create high-interaction honeypots without the complexity and security risks of traditional solutions. Our AI acts as realistic Linux terminals and HTTP services, engaging attackers for hours while remaining completely secure.
Key differentiators:
- Zero false positives - only real threats trigger alerts
- No human supervision required - fully automated operation
- High interaction without risk - LLM provides safe, realistic responses
- Trusted by Deutsche Telekom and enterprise customers
Beelzebub supports both cloud and on-premise LLM deployments:
- OpenAI: GPT-4, GPT-3.5-turbo for cloud deployments
- Ollama: Local deployment with models like CodeLlama, Llama3
- Custom endpoints: Compatible with any OpenAI-compatible API
This flexibility allows you to choose based on your security requirements and data sovereignty needs.
Beelzebub deploys in 1-2 minutes using Docker containers or Kubernetes with our official Helm chart. Works on any cloud provider (AWS, Azure, GCP) or on-premises infrastructure. Zero infrastructure disruption required.
Beelzebub supports multiple protocols and can simulate various services:
- SSH honeypots with realistic terminal interactions
- HTTP/HTTPS honeypots for web application simulation
- TCP honeypots for custom protocol simulation
- Database honeypots (MySQL, PostgreSQL simulation)
- IoT device simulation for industrial environments
Yes! Beelzebub core framework is open source with 1100+ GitHub stars. You can audit the code, contribute features, and deploy the self-hosted version for free. Our managed platform adds enterprise features like AI SOC automation, centralized management, and 24/7 support.
Minimum requirements:
- CPU: 2 cores per honeypot instance
- RAM: 4GB per honeypot instance
- Storage: 20GB for logs and analysis
- Network: Internet access for LLM API calls (cloud) or local LLM deployment
- Container runtime: Docker or Kubernetes
Supported platforms:
- Linux (Ubuntu, RHEL, CentOS)
- Container orchestration (Kubernetes, Docker Swarm)
- All major cloud providers (AWS, Azure, GCP)
Beelzebub integrates seamlessly with your existing security stack:
- SIEM integration: Splunk, QRadar, ArcSight, Elastic Stack
- SOAR platforms: Phantom, Demisto, TheHive
- Ticketing systems: Jira, ServiceNow, PagerDuty
- Messaging: Slack, Microsoft Teams, Discord
- Prometheus: OpenMetrics for monitoring and alerting
- RabbitMQ: For scalable event processing
Yes! For air-gapped or high-security environments, deploy Beelzebub with local Ollama instances. This keeps all data within your network perimeter while maintaining full AI capabilities. Popular models like CodeLlama and Llama3 work excellently for honeypot interactions.
Configuration is simple using YAML files. Create custom scenarios by defining:
- Service types (SSH, HTTP, database)
- Response patterns and realistic system behaviors
- Vulnerability simulations to attract specific attack types
- Custom prompts for LLM interactions
Our documentation includes templates for WordPress, database servers, IoT devices, and more.
Beelzebub honeypots are ultra-secure by design:
- LLM sandbox: Attackers interact with AI, not real systems
- No real vulnerabilities: Simulated responses prevent actual compromise
- Isolated containers: Complete separation from production networks
- Encrypted communications: All data transmission is encrypted
- Automated isolation: Compromised networks are automatically contained
Trusted by critical infrastructure including telecommunications and financial services.
Beelzebub helps meet multiple compliance requirements:
- NIS2 Directive: Addresses lateral movement detection requirements
- DORA: Operational resilience for financial services
- SOC 2: Security controls and monitoring
- GDPR: Data protection with privacy-by-design
- ISO 27001: Information security management
- NIST Cybersecurity Framework: Detection and response capabilities
All threat intelligence is processed securely:
- Data encryption: At rest and in transit
- Access controls: Role-based permissions for threat data
- Data retention: Configurable retention policies
- Anonymization: Personal data automatically scrubbed
- Sharing controls: Choose what intelligence to share externally
- GDPR compliant: Full data protection compliance
Absolutely! Deploy Beelzebub completely on-premises with:
- Local LLM deployment using Ollama
- On-site data processing - no cloud dependencies
- Private threat intelligence stays within your network
- Custom compliance for regulated industries
Perfect for government, defense, and highly regulated sectors.
Essentials (Small-Medium Business):
- Up to 10 honeypots
- Basic AI SOC automation
- Email/Slack alerting
- Community support
Professional (Enterprise):
- Unlimited honeypots
- Full AI SOC team
- Advanced threat intelligence
- Priority support & SLA
Enterprise (Critical Infrastructure):
- Custom deployment
- Dedicated support team
- Compliance consulting
- On-premises deployment options
Yes! We provide 30-day proof of concept deployments for enterprise customers:
- Free evaluation in your environment
- Dedicated technical support during POC
- Custom scenarios matching your threat landscape
- ROI assessment showing cost savings and threat detection improvements
- Migration assistance from existing honeypot solutions
Community Support (Open Source):
- GitHub issues and discussions
- Documentation and tutorials
- Community forum access
Professional Support:
- Email support with 24h response
- Video consultation sessions
- Configuration assistance
Enterprise Support:
- 24/7 phone and chat support
- Dedicated customer success manager
- On-site deployment assistance
- Custom training programs
Our customers typically see ROI through:
- 60% reduction in SOC operational costs through automation
- 80% time savings for security analysts (eliminate false positives)
- Faster threat detection - minutes vs hours/days
- Reduced breach impact through early lateral movement detection
- Compliance cost savings through automated reporting
For Developers/Technical Users:
- Star us on GitHub: github.com/mariocandela/beelzebub
- Quick start: Deploy with Docker in 2 minutes
- Join our community: Telegram channel for real-time updates
For Enterprise Customers:
- Book a demo: See Beelzebub in action against real attacks
- POC deployment: 30-day evaluation in your environment
- Enterprise deployment: Full implementation with support
Yes! We offer comprehensive training:
- Technical onboarding for security teams
- Executive briefings for leadership
- Custom workshops for specific use cases
- Certification programs for advanced users
- Documentation and video tutorials
- Best practices guides for different industries
Absolutely! Multiple ways to evaluate:
- Open source version: Free on GitHub, full functionality
- Managed platform trial: 14-day free trial with full features
- Enterprise POC: 30-day proof of concept with support
- Demo sessions: Live demonstration with real attack scenarios
Sales Inquiries:
- Book a demo: [calendar link]
- Email: sales@beelzebub-labs.com
- LinkedIn: Connect with Mario Candela (Founder)
Technical Support:
- GitHub Issues: For open source questions
- Email: support@beelzebub-labs.com
- Telegram: @beelzebubhoneypot (community)
Partnership Opportunities:
