Skill

implementing-deception-based-detection-with-canarytoken

From asi

Deploys and monitors Canary Tokens via Thinkst Canary API for deception-based breach detection using web bug, DNS, document, and AWS key tokens. Useful for cybersecurity tripwires.

Python

AWS

security

npx claudepluginhub plurigrid/asi --plugin asi

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Canary Tokens are lightweight tripwire mechanisms that alert when an attacker accesses a resource. This skill uses the Thinkst Canary REST API to programmatically create tokens (web bugs, DNS tokens, MS Word documents, AWS API keys), deploy them to strategic locations, monitor for triggered alerts, and generate deception coverage reports.

SKILL.md

Similar Skills

implementing-deception-based-detection-with-canarytoken

5.9k

Deploys and monitors Canary Tokens via Thinkst Canary API for deception-based breach detection using web bug, DNS, document, and AWS key tokens.

3 files

cybersecurity-skills

implementing-honeytokens-for-breach-detection

Deploys honeytokens like fake AWS credentials, DNS canaries, document beacons, and DB records using Canarytokens API and webhooks to alert on attacker access. For intrusion detection systems.

asi

implementing-deception-based-detection-with-canarytoken

Deploys and monitors Thinkst Canary tokens via Python API, including Web Bug, DNS, document, and AWS key tokens for deception-based intrusion detection, alerts, and coverage reports.

3 files

cybersecurity-skills-zh

Stats

Parent Repo Stars16

Parent Repo Forks5

Last CommitApr 4, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Implementing Deception-Based Detection with Canarytoken

Overview

When to Use

When deploying or configuring implementing deception based detection with canarytoken capabilities in your environment

When establishing security controls aligned to compliance requirements

When building or improving security architecture for this domain

When conducting security assessments that require this implementation

Prerequisites

Thinkst Canary Console or canarytokens.org account

API auth token from Canary Console

Python 3.9+ with requests

File system access for deploying document and file tokens

Steps

Authenticate to the Canary Console API using auth_token

Create web bug (HTTP) tokens for embedding in documents and web pages

Create DNS tokens for monitoring DNS resolution attempts

Create MS Word document tokens for file share deployment

List all active tokens and their trigger history

Query recent alerts for triggered token events

Generate deception coverage report with deployment recommendations

Expected Output

JSON report listing all deployed Canary Tokens, trigger history, alert details, and coverage analysis

Deployment map showing token types across network segments