← Back to catalog Canarytokens · managed by DINAO

Your intrusion traps, hosted in France

A honeytoken console powered by Canarytokens, installed and maintained by DINAO. Scatter decoys across your system — and get alerted at the first intrusion, with no background noise.

Hosted in FranceDeception DetectionEmail & Webhook AlertsGDPR CompliantOfficial publisher image
Overview

What is Canarytokens?

Canarytokens is a deception-based intrusion detection tool developed by Thinkst. It generates « honeytokens » — decoy tokens such as files, URLs, AWS keys, DNS entries, or Office documents — which you scatter throughout your information system.

The principle is simple : these decoys should never be touched during normal operation. As soon as an attacker accesses one, an alert is triggered and sent via email or webhook. A throttling mechanism (defaulting to one alert per IP per minute) prevents saturation, and support for multiple email providers (SMTP, Mailgun, Sendgrid, Mandrill) ensures deliverability.

A web console allows you to create and manage tokens. The self-hosted version deploys via Docker (frontend + switchboard), making it a discreet detection component with a very low false positive rate, ideal as a complement to standard security tools.

Compatible offers

Host Canarytokens at DINAO

Resource tiers compatible with Canarytokens prerequisites (minimum 1 vCPU / 1 Go / 2 Go). Hosted in France, fully managed.

Découverte
1 vCPU · 2 Go · 20 Go
9,90 € /month excl. VAT
  • 1 dedicated vCPU
  • 2 Go RAM
  • 20 GB NVMe
  • Daily backups
  • Managed & monitored by DINAO
Order
Performance
4 vCPU · 8 Go · 80 Go
39,90 € /month excl. VAT
  • 4 dedicated vCPU
  • 8 Go RAM
  • 80 GB NVMe
  • Daily backups
  • Managed & monitored by DINAO
Order
Dédié
8 vCPU · 16 Go · 160 Go
79,90 € /month excl. VAT
  • 8 dedicated vCPU
  • 16 Go RAM
  • 160 GB NVMe
  • Daily backups
  • Managed & monitored by DINAO
Order
Under the hood

Technical details

vCPU
1 vCPU
ideal : 2 vCPU
Memory
1 Go
ideal : 2 Go
Disk
2 Go
ideal : 5 Go
Image : thinkst/canarytokens:latest Registry : docker.io Services : redis, frontend, switchboard Ports : 8082, 25, 53
FAQ

You might be wondering…

What is a canarytoken?

It is a « decoy token » (honeytoken) : a file, URL, AWS key, or document that you place in a strategic location. No one should touch it during normal use ; as soon as an attacker accesses it, you are alerted — proof that an intrusion is underway.

What types of decoys can I create?

Many types : fake AWS IAM keys, DNS entries, web / URL tokens, trapped Word or PDF documents, and more. You scatter them where an intruder would be tempted to search.

How am I alerted when a trigger occurs?

Via email and / or webhook, in real time. A throttling mechanism limits noise (defaulting to one alert per IP per minute), allowing you to focus on relevant signals.

Where are the console and alerts hosted?

On DINAO infrastructure in France, in one of the available datacenters. Your tokens and triggers do not leave the territory.

Can I integrate Canarytokens with my SIEM?

Yes. Webhook alerts allow you to forward triggers to your existing SIEM or monitoring tools, centralizing your detection.