Holoscope: Open and Lightweight Distributed Telescope & Honeypot Platform

TL;DR

Holoscope is a lightweight, cloud-native platform that simplifies deploying and managing distributed sensors for monitoring and analyzing malicious network traffic across multiple networks.

Contribution

It introduces a modular, secure, and automated platform built on K3s and WireGuard for distributed attack monitoring and analysis.

Findings

Successful deployment across multiple institutions and cloud networks

Provides unified visibility into large-scale attack phenomena

Supports dynamic sensor orchestration and automated recovery

Abstract

The complexity and scale of Internet attacks call for distributed, cooperative observatories capable of monitoring malicious traffic across diverse networks. Holoscope is a lightweight, cloud-native platform designed to simplify the deployment and management of distributed telescope (passive) and honeypot (active) sensors, used to collect and analyse attack traffic by exposing or simulating vulnerable systems. Built upon K3s and WireGuard, Holoscope offers secure connectivity, automated node onboarding, and resilient operation even in resource-constrained environments. Through modular design and Infrastructure-as-Code principles, it supports dynamic sensor orchestration, automated recovery and processing. We build, deploy and operate Holoscope across multiple institutions and cloud networks in Europe and Brazil, enabling unified visibility into large-scale attack phenomena while maintaining ease of integration and security compliance.