search_events_tool
Search and retrieve raw honeypot events filtered by source IP, country, ASN, port, protocol, HTTP method, or time range.
Instructions
Return individual raw honeypot events with all fields. Use when the user wants to see actual records: 'show me events from this IP', 'what hit port 443 last week', 'events from Russia yesterday'. Filters: source_ip, country (2-letter code), asn (e.g. 'AS12345'), dest_port, protocol ('tls' or ''), http_method. since/until are ISO-8601 UTC strings. Each record includes: source_ip, country, asn, dest_port, user_agent, url_path, tls_client_ja4, http_request_ja4h, ssh_client_hassh, network_protocol, timestamp.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| since | Yes | ISO-8601 UTC string | |
| until | Yes | ISO-8601 UTC string | |
| source_ip | No | | |
| country | No | 2-letter code | |
| asn | No | e.g. 'AS12345' | |
| dest_port | No | | |
| protocol | No | 'tls' or '' | |
| http_method | No | | |
| limit | No | | |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| result | Yes | | |
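The schema table leaves the argument formats implicit, so a caller can check them client-side before invoking the tool. The following is an added example, not code from the tool's project: `build_search_args` is a hypothetical helper, and the rules that `since` must precede `until` and that `dest_port` lies in 1-65535 are assumptions rather than documented behaviour.

```python
import ipaddress
import re
from datetime import datetime

# Optional filters named in the tool's input schema.
ALLOWED = {"source_ip", "country", "asn", "dest_port",
           "protocol", "http_method", "limit"}


def _utc(value, name):
    # Accept a trailing "Z"; reject naive or non-UTC timestamps.
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if dt.tzinfo is None or dt.utcoffset().total_seconds() != 0:
        raise ValueError(f"{name} must be an ISO-8601 UTC timestamp")
    return dt


def build_search_args(since, until, **filters):
    """Validate search_events_tool arguments; return them as a dict."""
    unknown = set(filters) - ALLOWED
    if unknown:
        raise ValueError(f"unknown filter(s): {sorted(unknown)}")
    # Assumption: an empty or reversed time window is a caller mistake.
    if _utc(since, "since") >= _utc(until, "until"):
        raise ValueError("since must be earlier than until")
    if "source_ip" in filters:
        ipaddress.ip_address(filters["source_ip"])  # ValueError if malformed
    if "country" in filters and not re.fullmatch(r"[A-Za-z]{2}", filters["country"]):
        raise ValueError("country must be a 2-letter code")
    if "asn" in filters and not re.fullmatch(r"AS\d+", filters["asn"]):
        raise ValueError("asn must look like 'AS12345'")
    # Assumption: dest_port is a TCP/UDP port number in 1-65535.
    if "dest_port" in filters and not 0 < int(filters["dest_port"]) <= 65535:
        raise ValueError("dest_port must be between 1 and 65535")
    if "protocol" in filters and filters["protocol"] not in ("tls", ""):
        raise ValueError("protocol must be 'tls' or ''")
    return {"since": since, "until": until, **filters}


if __name__ == "__main__":
    # Constructed sample query: TLS events on port 443 over one week.
    print(build_search_args("2024-05-01T00:00:00Z", "2024-05-08T00:00:00Z",
                            dest_port=443, protocol="tls", country="RU"))
```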