$7,500 — a 2-week threat brief
from the honeypot fleet.
Pick the question your team can't easily answer from your own telemetry. We mine 16M+ honeypot events across the BoarNet fleet, deliver a 15-page analyst report with charts and pivots, and hand you a CSV of every relevant IP. Fixed scope, fixed price, two-week turnaround.
Faster than a recurring license. Cheaper than building the fleet.
The two audiences that close fastest: AI-security teams qualifying a detection model on real attacker traffic, and threat-intel vendors filling coverage gaps in their own product. Also useful for ML labs validating training-data quality and CERTs scoping a regional incident.
You're training a detection model and need labeled attacker traffic with ground truth on intent. A brief gives you a clean dataset for one threat class without the procurement overhead of an annual data license. If the model works, sign the annual.
Your customers want coverage in region R or industry X that your sensors don't see. Rather than deploy a new fleet, license our findings for the gap. The brief is the proof-of-coverage; the annual is the ongoing feed.
Four deliverables. Fixed scope.
Markdown + PDF. Charts, pivot tables, ASN breakdowns, JA4 fingerprint clusters, geo distribution. Written for an analyst audience — methodology section, not just bullets.
Every IP that matched your scope, with timestamps, sensor coverage, fingerprints, command samples, and tags. Loadable straight into Pandas, Splunk, or your warehouse.
The exact SQL we ran against the fleet, so your team can replay or extend the analysis. Comes with a sample-data snapshot so you can validate findings independently.
Live walkthrough of the findings with your team. Q&A, follow-up scoping. Recorded if you'd like.
The kind of brief that fits the fleet.
If your question can be answered by mining 90+ days of high-fidelity honeypot telemetry, it probably fits. If you need endpoint or netflow data, we'll tell you on the scoping call.
- · How is industry X being probed in the last 90 days?
- · What attacker TTPs target ASN Y? Top fingerprints, commands, payloads.
- · Which IPs probing port Z show coordinated infrastructure?
- · CVE-Q exploitation in the wild: who's scanning, from where, at what cadence?
- · Geo-anomaly: what's hitting region R that isn't hitting elsewhere?
- · Custom JA4 / JA3 fingerprint dossier: every sighting across the fleet, attributed.
Four steps. Two weeks from kickoff.
We confirm the question is answerable from the fleet's coverage, agree on the deliverable shape, and align on timeline. No commitment.
Plain-English SOW, fixed $7,500 price. 50% on signature, 50% on delivery. NDA available; we never publish your scoped findings without consent.
You get a midpoint check-in with preliminary findings. Adjust scope once if the data surprises us — no change order needed.
Report + CSV + queries land in your inbox. 30-minute live walkthrough. Credit toward an annual license if you sign one within 60 days.
Email research@boarnet.io.
Tell us the question. We'll reply with whether the fleet has the coverage to answer it, and a sample of what the deliverable would look like. The scoping call is free.