creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-12 14:14:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5f3fa32486ea335db802d68fe2147fa2da69583
Anthropic-Cybersecurity-Skills/skills/implementing-deception-based-detection-with-canarytoken/SKILL.md
T
mukul975 efca3ec611 feat: add NIST CSF 2.0 nist_csf field to all 754 cybersecurity skills 
Mapped every skill to NIST CSF 2.0 subcategory IDs (GV/ID/PR/DE/RS/RC functions)
based on subdomain and content analysis. Restores 11 skills corrupted during
prior rebase, re-enriching with ATLAS, D3FEND, NIST AI RMF, and CSF 2.0 fields.

All 754 skills now carry structured mappings for all 5 security frameworks:
- MITRE ATT&CK (in tags)
- MITRE ATLAS v5.5 (atlas_techniques)
- MITRE D3FEND v1.3 (d3fend_techniques)
- NIST AI RMF 1.0 (nist_ai_rmf)
- NIST CSF 2.0 (nist_csf)
2026-04-06 11:17:40 +02:00

2.0 KiB
Raw Blame History

name, description, domain, subdomain, tags, version, author, license, nist_csf
name description domain subdomain tags version author license nist_csf
implementing-deception-based-detection-with-canarytoken Deploy and monitor Canary Tokens via the Thinkst Canary API for deception-based breach detection using web bug tokens, DNS tokens, document tokens, and AWS key tokens. cybersecurity deception-technology
canarytoken
deception
honeytokens
breach-detection
Thinkst-Canary
tripwire
early-warning
1.0 mahipal Apache-2.0
DE.CM-01
DE.AE-06
PR.IR-01

Implementing Deception-Based Detection with Canarytoken

Overview

Canary Tokens are lightweight tripwire mechanisms that alert when an attacker accesses a resource. This skill uses the Thinkst Canary REST API to programmatically create tokens (web bugs, DNS tokens, MS Word documents, AWS API keys), deploy them to strategic locations, monitor for triggered alerts, and generate deception coverage reports.

When to Use

  • When deploying or configuring implementing deception based detection with canarytoken capabilities in your environment
  • When establishing security controls aligned to compliance requirements
  • When building or improving security architecture for this domain
  • When conducting security assessments that require this implementation

Prerequisites

  • Thinkst Canary Console or canarytokens.org account
  • API auth token from Canary Console
  • Python 3.9+ with requests
  • File system access for deploying document and file tokens

Steps

  1. Authenticate to the Canary Console API using auth_token
  2. Create web bug (HTTP) tokens for embedding in documents and web pages
  3. Create DNS tokens for monitoring DNS resolution attempts
  4. Create MS Word document tokens for file share deployment
  5. List all active tokens and their trigger history
  6. Query recent alerts for triggered token events
  7. Generate deception coverage report with deployment recommendations

Expected Output

  • JSON report listing all deployed Canary Tokens, trigger history, alert details, and coverage analysis
  • Deployment map showing token types across network segments
Reference in New Issue View Git Blame Copy Permalink