It might be more interesting to run a honeypot inside your infrastructure, to detect intrusions into your network.
The problem with honeypots is that they generally only attract very generic attacks, so they are only interesting for people who want to research the current attack landscape.
Targeted attacks only go for valuable resources, so you'd have to make your honeypot looks valuable.
So if you have an SSH honeypot inside your network, use 'git' or 'scm' or so as part of the hostname, and hope that people will think they can find source code there.
By putting a honeypot inside your network, you tune out the noise of generic, automated attacks. So you get a much higher signal/noise ratio.
On a similar note, at a previous job (.edu) we had an intrusion detection system that sat just inside the firewalls that only watched outbound traffic. Overall, we received much more valuable (read: actionable) data from it than the external monitoring systems.
The problem with honeypots is that they generally only attract very generic attacks, so they are only interesting for people who want to research the current attack landscape.
Targeted attacks only go for valuable resources, so you'd have to make your honeypot looks valuable.
So if you have an SSH honeypot inside your network, use 'git' or 'scm' or so as part of the hostname, and hope that people will think they can find source code there.
By putting a honeypot inside your network, you tune out the noise of generic, automated attacks. So you get a much higher signal/noise ratio.