Description: What happens if you deploy a token that an attacker trips, and then discovers? Can the attacker trip it repeatedly just to annoy you?
Aside from the fact that your Canarytoken server will attempt to rate limit alerts, any token may be disabled to stop the alerts and then re-enabled at a later stage.
Note: A token can also be permanently deleted - see guide here
Follow the steps below to disable/enable a Canarytoken:
Step 1:
Log in to your Console.
Step 2:
Select the Canarytokens tile.
Step 3:
Enter the name of the token you want to disable/enable in the search bar.
Step 4:
Select the token from the search history.
Note: we searched and selected "AWS API Key on desktop"
Step 5:
You can disable/enable the token under Token Status.
- Token disabled
- Token enabled
You're done! ;-)