57 Canary tokens via commercial console
The same canary detection bought rather than built: a commercial console (Thinkst Canary) mints Drive documents, AWS keys, Office files and DNS tokens, and maintains the alert routing for them. Tokens go one per location, so the alert identifies the breach point, and alerting lands out-of-band, outside the tenant being defended.
Caveats
Setup steps
-
- Alerting destination
out-of-band mailbox/Slack, outside the defended tenant
-
One token per location so the alert identifies the breach point
-
Ongoing maintenance
- automatable: AI agent Quarterly: inventory deployed tokens against the register and replace fired ones.
How to verify
Trip one token of each deployed type and confirm the console records it and the notification arrives.
v0.0.1Detectedition All (3rd-party $) policy #30 · #33 (gap G1) ↗