Thinkst Canary
By presenting itself as an apparently benign and legitimate service(s), the Canary draws the attention of unwanted activity. When someone trips one of the Canary's triggers, an alert is sent to notify the responsible parties so that action can be taken before valubale systems in your network are compromised.
Deception & Breach Simulation · Thinkst Canary
Configuration parameters
server— Canary Server URL (e.g., https://***.canary.tools) (required)auth_token— API Authentication Tokenauthentication_token—insecure— Trust any certificate (not secure)proxy— Use system proxy settingsisFetch— Fetch incidentsfetchDelta— First fetch time (<number> <time unit>, e.g., 12 hours, 7 days, 3 months, 1 year)incidentType— Incident type
Commands (6)
-
canarytools-check-whitelistChecks whether a given IP address and port are on allow list.
-
canarytools-edit-alert-statusEdits the status for an alert in Canary Tools.
-
canarytools-get-tokenFetches a Canary Token file from the Canary Tools server.
-
canarytools-list-canariesLists all registered Canaries.
-
canarytools-list-tokensLists all Canary tokens.
-
canarytools-whitelist-ipAdds an IP address to the allow list in Canary.