Thinkst Canary

By presenting itself as an apparently benign and legitimate service(s), the Canary draws the attention of unwanted activity. When someone trips one of the Canary's triggers, an alert is sent to notify the responsible parties so that action can be taken before valubale systems in your network are compromised.

Deception & Breach Simulation · Thinkst Canary

Configuration parameters

  • server — Canary Server URL (e.g., https://***.canary.tools) (required)
  • auth_token — API Authentication Token
  • authentication_token
  • insecure — Trust any certificate (not secure)
  • proxy — Use system proxy settings
  • isFetch — Fetch incidents
  • fetchDelta — First fetch time (<number> <time unit>, e.g., 12 hours, 7 days, 3 months, 1 year)
  • incidentType — Incident type

Commands (6)

  • canarytools-check-whitelist

    Checks whether a given IP address and port are on allow list.

  • canarytools-edit-alert-status

    Edits the status for an alert in Canary Tools.

  • canarytools-get-token

    Fetches a Canary Token file from the Canary Tools server.

  • canarytools-list-canaries

    Lists all registered Canaries.

  • canarytools-list-tokens

    Lists all Canary tokens.

  • canarytools-whitelist-ip

    Adds an IP address to the allow list in Canary.