Hi @zapsoda! Great question!
MHN is where CHN came from; we forked that project about 1.5 years ago and have been working to maintain it since then. In terms of project comparisons, I think the biggest difference is that CHN is based on Docker images for the server and individual honeypots, while MHN used custom scripts to install the software onto the local OS in a traditional manner.
So the CIF bit only works if you’re contributing to the STINGAR project, which is restricted to education institutions only at the moment. :-/
OR if you run your own CIF instance for collecting data, but that would likely be overkill for a single instance. If it’s just a single CHN server, I would configure the logging and then pull the logs off somewhere convenient.
So our concept when we architected this was basically:
The biggest difference is the granularity of data: with the CHN logs, you can see username/password attempts, commands run, etc., while with the CIF data it’s basically a summary: this IP/URL/hash, this time, this honeypot type.