Skill UI

This skill utilizes the Thinkst Canary REST API to programmatically deploy various decoy tokens, including web bugs, DNS records, MS Word documents, and AWS API keys. By monitoring these fake resources, the system detects unauthorized internal or external access attempts, providing early warnings and generating detailed deception coverage reports to strengthen security architecture.

This guide details the deployment of deception technologies, including canary files and honeypot shares, to detect ransomware activity at its earliest stages. It outlines configuring file integrity monitoring (FIM) and using specialized tokens to trigger alerts when ransomware attempts encryption or performs lateral movement, significantly enhancing security posture beyond standard EDR.

This skill guides the deployment of canary tokens and honeytokens across critical systems, such as fake AWS credentials, DNS records, and document beacons. These decoys are designed to trigger immediate alerts via webhooks when accessed by attackers, serving as a powerful early warning system for breach detection and intrusion detection.

This skill outlines the architecture and methodology for deploying canary files (honeytokens) across critical file systems. By placing decoy documents with known content in high-value locations, this system monitors for unauthorized modifications, deletions, or encryption attempts. It detects ransomware by triggering high-fidelity alerts via File Integrity Monitoring (FIM) systems, serving as a crucial deception layer that complements existing EDR/AV solutions.

This skill details the deployment of various canary tokens (DNS, HTTP, AWS API Keys) across enterprise network infrastructure. It establishes digital tripwires that detect behavioral anomalies, such as unauthorized access, credential leakage, or lateral movement. Tokens are configured with webhook alerts (Slack, SIEM) for real-time, low-false-positive notification, significantly enhancing traditional IDS/IPS capabilities.