Description: You have the ability to create a Canarytoken that has a unique Internet resolvable domain name.

Why does this matter? Once you are able to get an alert for a DNS based token, or a Web based token, you have the building blocks for squillions of possible tripwires.

Follow the steps below to create a DNS Canarytoken:

Step 1:

Console Login.png

Step 2:

Select the Canarytokens tile.

Step 3:

Select the DNS token from the list.

CleanShot 2024-07-22 at 16.30.30@2x.png

Step 4:

Over time, if you are using tokens correctly, you will deploy thousands of them all over the place. Make sure that your Reminder is as descriptive as possible, and we will remind the future you of where the token was dropped. Nothing sucks more than having a token fire an alert that reads “test" - and not knowing where you placed it.

Note: we chose "Placed In Jims .ssh/config File" as the reminder

CleanShot 2024-07-22 at 16.30.44@2x.png

Step 5:

Copy the token and place it in its intended location.

CleanShot 2024-07-22 at 16.31.00@2x.png

Alert:

An alert is triggered when the domain name is resolved.

CleanShot 2024-07-22 at 16.31.12@2x.png

That's it, you're done ;-)

Search

How do I create a DNS Canarytoken?