but before I do, I figured I’d ask if anyone’s aware of any tools/software that covers my basic needs of setting something basic that may alert me if there are any intruders in the network?
Needs:
- Fake ssh login that can trigger a script so I can take care of the rest.
- Fake network share (cifs/samba) that can trigger a script if anything tries to access it.
Would be great if there are any docker images I can just pull, make some minor edits, and run.
Thanks!
I am not affiliated with them, but you can get a trigger file (Canary Token) from the people at Thinkst. I quickly looked around their site, and did not see how, but their adds say you can get them for free, without having to buy their canary hardware device.
https://canarytokens.org/generate should work just fine