Existing distributed network observation platforms face challenges including high deployment complexity, poor elasticity, and difficulty in establishing secure overlay networks when managing passive telescopes and active honeypots. To address these issues, this paper proposes a lightweight cloud-native observation platform. The platform introduces a novel integrated architecture combining K3s and WireGuard to enable zero-trust secure networking, fully automated node onboarding, and elastic operation under resource-constrained conditions. It leverages Infrastructure-as-Code (IaC), modular microservices, and dynamic orchestration with self-healing capabilities to significantly improve operational efficiency and system robustness. Deployed at scale across multiple institutions and cloud platforms in Europe and Brazil, the platform delivers unified attack-situation visualization while ensuring ease of deployment and compliance with cybersecurity protection regulations (e.g., China’s MLPS). It establishes a scalable, highly trustworthy infrastructure paradigm for global collaborative monitoring of malicious traffic.

The complexity and scale of Internet attacks call for distributed, cooperative observatories capable of monitoring malicious traffic across diverse networks. Holoscope is a lightweight, cloud-native platform designed to simplify the deployment and management of distributed telescope (passive) and honeypot (active) sensors, used to collect and analyse attack traffic by exposing or simulating vulnerable systems. Built upon K3s and WireGuard, Holoscope offers secure connectivity, automated node onboarding, and resilient operation even in resource-constrained environments. Through modular design and Infrastructure-as-Code principles, it supports dynamic sensor orchestration, automated recovery and processing. We build, deploy and operate Holoscope across multiple institutions and cloud networks in Europe and Brazil, enabling unified visibility into large-scale attack phenomena while maintaining ease of integration and security compliance.