Think of alerts as digital bear traps that help you catch a problem. You set the trap and when it fires this will be logged on your timeline. You can also configure alerts to be sent to your email address or call a webhook.
You can monitor for certain events to happen. Basically anything you can formulate as a
query can become an Alert. Just go to
alerts in the left hadn menu, click "New alert", and enter the query you want. Next you can specify the trigger condition. The alert will trigger if the number of results of the query is greater than, less then, equal to or not equal to (you can set this) a threshold value you can specify.
Next, you can specify the trigger action. In any case, and event indicating your alert fired will be added to your timeline. Additional actions are sending the results of the query as Excel, csv, json or file file by email, or calling a webhook will the results as json data.
There are two basic types of OSINT sources you can monitor for keyword: datadumps and news websites. You monitor datadumps for dataleaks: internal documents, source code, hacked accounts, passwords, api key and so on. Since journalists report about security problems as well, it can be useful to monitor the news too.
If, for example, you want to be alerted when your email addresses appear on a copy-paste site on the internet, you can set a trap to monitor for the domain part of your email address (
@shadowtrackr.com) in datadumps. We monitor lots of sources and regularly revise them, but these days more than 90% of traps fire on pastebin.com.
When your company appears in the news due to a databreach or hack you'll want to be the first to know of course. For us, this means we monitor the following keyword combinations in the news:
shadowtrackr dataleak
shadowtrackr hack
shadowtrackr confidential
Note that if you use multiple keywords the trap will fire only if they all occur in the text (but there can be other words in between). If you want a literal match (no other words in between), like "strictly confidential", you can put double quotes around the words. You can combine this with other, non-literal words, just like in a Google search.
By default only whole words are matched. If you want to match partial words (like
sub in
subdomain) you need to tick the optional checkbox for that.
Ever heard of the canaries that miners took with them in coal mines? These little birds are more sensitive to dangerous gasses than humans. If a canary suddenly died the miners knew there was a dangerous gas leak, and still had time to get out. Canary tokens are the digital version of this. You hide them on your server, laptop, website or even in your mailbox. When they are used, you know something is wrong.
If you want to know more about canary tokens, read this
introduction to Canary tokens on the Thinkst blog. You can create canary tokens for free on
canarytokens.org. The process is simple and fast.
You can add your canary tokens to ShadowTrackr. This means they will be logged and you have the option to convert them into email alerts or push messages to your smartphone (if you install the app).
