What happens if you deploy a Canarytoken that an attacker trips, and then discovers? Can the attacker trip it repeatedly just to annoy you?
Aside from the fact that your Canarytoken server will attempt to rate limit alerts, any Canarytoken may be disabled to stop the alerts and then re-enabled at a later stage.
A Canarytoken can also be permanently deleted - see guide here.
Follow the steps below to disable/enable a Canarytoken:
Step 1: Log in to your Console
Step 2: Click the Canarytokens tile
Click the Canarytokens tile or click Add a new Canarytoken.
Step 3: Search for your Canarytoken
Enter the name of the Canarytoken you want to disable/enable in the search bar.
Step 4: Select the Canarytoken
Select the Canarytoken from the search history.
We searched and selected "AWS API Key on desktop".
Step 5: Toggle the Canarytoken
You can disable/enable the token under Token Status.
Token disabled:
Token enabled: