One-Click DeployHetznerVultrDigitalOceanAuto-TeardownAttack Likelihood Zones

Deploy honeypots and sensors anywhere. One click.

Multi-tor Automation provisions cloud-based honeypots and network sensors across Hetzner, Vultr, and DigitalOcean with one click. Attack Likelihood Zones guide placement. Auto-teardown and auto-redeploy handle the lifecycle.

Request a Demo See Active Defense

How It Works

Four steps from provider selection to a live collector reporting back to your control plane.

Step 1

Choose Provider

Hetzner Cloud, Vultr, or DigitalOcean

Step 2

Select Region

Pick from Attack Likelihood Zones or choose custom

Step 3

Configure

Choose collector size, enable NetWatch (Zeek + Suricata), set TTL

Step 4

Deploy

One click -- collector is live and reporting within minutes

Attack Likelihood Zones

Not all cloud regions are equal. Attack Likelihood Zones rank regions by observed scanning and attack traffic so you can place collectors where adversaries are most active.

Tier	Classification	Description
Tier 1	Maximum Exposure	Regions with highest known scanning/attack traffic
Tier 2	High Exposure	Significant attacker presence
Tier 3	Moderate Exposure	Balanced attacker traffic
Tier 4	Low Exposure	Reduced scanning activity
Tier 5	Custom	Deploy to specific regions for targeted engagements

Lifecycle Management

Collectors manage themselves. Set the policy and the platform handles provisioning, teardown, and recovery.

Auto-Teardown

Ephemeral collectors with configurable TTL. Automatically destroyed when engagement ends. No orphaned infrastructure.

Configurable TTLEphemeralNo orphaned infra

Auto-Redeploy

Persistent collectors automatically reprovisioned if they go down. Zero-downtime monitoring.

Auto-reprovisionPersistent modeZero downtime

NetWatch Integration

Full network monitoring from minute one.

Enable the "Include NetWatch" checkbox during deployment and Zeek + Suricata auto-deploy alongside honeypots on every new collector. No separate setup, no manual configuration -- full network visibility from the moment the collector comes online.

One-checkbox enableZeek + SuricataAuto-deploy with collector

Security

Every collector is isolated, authenticated, and ephemeral by default.

Per-collector API keys

Each collector gets its own tenant-scoped authentication

Tailscale mesh

Secure connectivity between control plane and collectors

Ephemeral by design

Collectors destroyed on schedule, no persistent attack surface

Start deploying collectors

Provision honeypots and network sensors across cloud providers in minutes. Talk to our team to get started.

Request a Demo Explore NetWatch