Fake files. Real alerts. Scout drops decoy documents into your cloud storage. When they're opened, you get an instant alert.
From $9/mo. Set up in under 2 minutes. Cancel anytime.
Scout creates realistic decoy documents and drops them into your Cloud Storage. When someone accesses a decoy, you get an instant alert.
Create decoy Word docs, PDFs, spreadsheets, or tracking links. Scout plants them directly into your Cloud Storage.
When someone opens a decoy file, clicks a tracked link, or looks up a DNS record, Scout captures everything. They don't know you know.
Get a push notification with source IP, country, city, browser, ISP, and VPN/Tor detection. Plus a step-by-step response playbook.
Word doc, DNS record, QR code, database creds. 17 types to choose from.
Scout connects to your Cloud Storage and drops the decoy directly.
Push notification: who accessed it, from which IP, what country, exact timestamp.
Drop realistic-looking files into your cloud storage. Each one is a silent alarm.
Word Doc
Excel Sheet
QR Code
Web URL
DNS Record
Need more? The Infrastructure Pack adds 6 extra token types for configs, credentials & code. +$5/mo
Connect Google Drive, OneDrive, Dropbox. Scout plants decoy files directly into your chosen folders.
Real-time push notifications on iOS and Android. Source IP, geolocation, and device info instantly.
Plant canary tokens as Gmail or Outlook email drafts with embedded tracking pixels.
Sign in with Microsoft Entra ID. Link your Azure AD tenant for automatic team provisioning.
Multiple tokens from same IP? Scout auto-escalates severity. Lateral movement detected.
Your canary tokens run on Scout's infrastructure. No third-party dependencies. Full control over your data.
Every activation comes with step-by-step recommended actions based on the token type and severity. No security expertise required.
Database credentials, API keys, VPN configs
Rotate all credentials
Change passwords and API keys for the affected service immediately.
Block the source IP
Add the attacker's IP to your firewall deny list.
Scan for malware
Run a full security scan on systems that had access.
Check for lateral movement
If multiple tokens triggered, the attacker may be moving through your network.
Escalate to your security team
This is a critical incident. Notify immediately.
Documents, DNS records, email addresses
Identify who has access
Check sharing settings on the folder where the token was planted.
Change sensitive credentials
If the decoy file looked like real credentials, change the real ones.
Review access logs
Check Google Drive or OneDrive activity for download events.
Enable 2FA everywhere
Turn on two-factor authentication on all affected accounts.
Web URLs, QR codes, redirect links
Identify the source
Check the IP and geolocation. Does it match a known user?
Review shared links
Check if the document or link was shared outside your org.
Revoke shared access
Remove public or shared links from your cloud storage.
Monitor for patterns
Watch for repeated activations from the same IP address.
Playbooks are shown automatically when a token triggers. Available on all plans.
From protecting source files to detecting lateral movement in enterprise networks.
Plant decoy credentials in config files, repos, and build systems. Know instantly when someone tries to use them.
Drop tripwire documents into Google Drive, OneDrive, and SharePoint. Get alerted when sensitive-looking files are opened or downloaded.
Place canary tokens around executive files, finance folders, and privileged systems. Surface unauthorized access before damage is done.
No tiers. No feature gates. Full power from day one.
For everyone
or $84/year (save 22%)
Need more coverage?
+$5/mo — Infrastructure Pack: 6 extra token types for configs, credentials & code
For teams & enterprises
Cancel anytime. No long-term contracts.
Know the moment someone accesses your sensitive files, credentials, or cloud storage.
Get Started
$9/month. Cancel anytime.