Why am I seeing this note?
While we’ve worked hard to make sure that Canarytokens chirp when it matters, we realise that some solutions will occasionally touch Canarytokens in ways that look a lot like attacker behaviour.
We want to let you know this is happening, but we also want to let you know that from our vantage point, this doesn’t look like a full-blown attack.
We use these tiny but visible annotations on alerts to let you know our thoughts.
What's TruffleHog?
TruffleHog is an open-source secret scanning engine that detects and helps find exposed secrets across your network.
When a TruffleHog scanner encounters potential credentials like Slack or AWS API key Canarytokens, it uses these keys to verify they are active. This verification process will trigger an alert that someone has used your Slack or AWS API key Canarytoken.
So, what does this mean?
We add these annotations to give you some context as to why you may be seeing this incident.
If you have seen this annotation, we have deduced that the alert source looks sufficiently like a scan from TruffleHog.
How do I ignore these alerts?
If you use TruffleHog in your environment and would prefer to no longer receive these alerts, simply click the "Ignore alerts like this." button, which will add them to your Global Ignored Alerts list.
We won't notify you of these alerts any longer, but you can still access them if needed later.