Deploy honeypots and sensors anywhere. One click.
Collector Fleet gives you two ways to get signal where you need it. One-click provisioning to Hetzner, DigitalOcean, or Vultr runs a fully managed collector on your accounts in minutes. Or download the collector artifact and deploy it yourself on any infrastructure of your choice -- any cloud, VPS, private network, on-prem, colocation, or edge. Attack Likelihood Zones guide placement. Self-updating agents and auto-geo from cloud region keep the fleet current. Auto-teardown and auto-redeploy handle the lifecycle.
Two ways to deploy. Same collector.
Every environment is different. Some teams want the fastest path to a working honeypot. Others need collectors inside air-gapped networks, sovereign clouds, or infrastructure the vendor never gets to touch. Collector Fleet handles both.
One-click provisioning
Pick a region, press deploy. Collector Fleet spins up a fully managed collector on Hetzner, DigitalOcean, or Vultr using your cloud credentials. Self-updating agents keep it current. Auto-geo tags the region automatically. Attack Likelihood Zones guide placement. Auto-teardown and auto-redeploy handle the lifecycle.
Download and self-deploy
Download the collector artifact and run it on any infrastructure you control -- any cloud, VPS, bare-metal server, private network, on-prem environment, colocation cage, or edge device. Collectors are adversary-facing and outbound-only, so they work behind strict firewalls without inbound ports. Ideal for air-gapped, sovereign, or regulated environments.
How It Works
Four steps from provider selection to a live collector reporting back to your control plane.
Choose Deploy Mode
One-click provisioning to Hetzner, DigitalOcean, or Vultr -- or download the collector artifact and run it on any infrastructure you control
Select Region
Pick from Attack Likelihood Zones or choose custom
Configure
Choose collector size, enable NetWatch network monitoring, set TTL
Deploy
One click -- collector is live and reporting within minutes
Attack Likelihood Zones
Not all cloud regions are equal. Some attract orders of magnitude more scanning, brute-force, and exploitation traffic than others. Attack Likelihood Zones rank deployment regions by observed adversary behavior across the collector fleet — so you can place ephemeral honeypots where they collect the most signal, and persistent monitoring where the noise floor is lowest.
| Tier | Classification | Description |
|---|---|---|
| Tier 1 | Maximum Exposure | Regions with highest known scanning/attack traffic |
| Tier 2 | High Exposure | Significant attacker presence |
| Tier 3 | Moderate Exposure | Balanced attacker traffic |
| Tier 4 | Low Exposure | Reduced scanning activity |
| Tier 5 | Custom | Deploy to specific regions for targeted engagements |
Tiers are continuously refreshed from observed scanning and attack traffic across the deployed collector fleet. The exact per-region ratios and the underlying scoring weights stay private — published ratios become a placement signal adversaries can exploit. The tiering surfaces in the deploy UI so operators get the recommendation without seeing the raw numbers.
Lifecycle Management
Collectors manage themselves. Set the policy and the platform handles provisioning, teardown, and recovery.
Auto-Teardown
Ephemeral collectors with configurable TTL. Automatically destroyed when engagement ends. No orphaned infrastructure.
Auto-Redeploy
Persistent collectors automatically reprovisioned if they go down. Zero-downtime monitoring.
Enable the "Include NetWatch" checkbox during deployment and the full NetWatch sensor stack auto-deploys alongside honeypots on every new collector. No separate setup, no manual configuration -- full network visibility from the moment the collector comes online.
Security
Every collector is isolated, authenticated, and ephemeral by default.
Per-collector API keys
Each collector gets its own tenant-scoped authentication
Encrypted mesh VPN
Secure connectivity between control plane and collectors over an encrypted mesh with automatic key rotation
Ephemeral by design
Collectors destroyed on schedule, no persistent attack surface
Start deploying collectors
Deploy collectors in minutes -- one click to Hetzner, DigitalOcean, or Vultr, or download and run them on any infrastructure you need. Talk to our team to get started.