Forum Discussion
Honeytoken alerts FP
Hi! We do have a lot of "Honeytoken activity" since 23.11.2022 starting in the evening (MET timezone). Normally, in the past this kind of alert only appeared during planed penetration tests and ...
Wouldn't it be easier to exclude the host devices that performed this activity as its benign? Then you don't lose the functionality when it's performed from an abnormal source.
Hi Daniel, Could you please share the playbook for the below honey token alert? Like When to consider alert as FP and on what basis do we need to exclude the host's devices?