LongTail is both a honeypot and a set of programs that analyze ssh brute force login attempts. It performs not only the standard what passwords are being tried, also analyzes them based on accounts tried. Where LongTail goes that nobody else currently does is that it groups them into attack patterns, and then provably groups attacking IP addresses into botnets that are controlled by a single person or group of people. This talk contains light technical details on how this is done so it can be followed by non-technical staff, but is technical enough that the results can be reproduced by technical staff.