XDR deception - decoy working - lures not deploying

Steel Contributor

Hi everyone,

 

i am trying to create some custom deceptions with the help of this blog post:

Stack Your Deception: Stacking MDE Deception Rules with Thinkst Canarytokens · Attack the SOC

 

The decoys are working (if i ping a host i specified - alerts are raised).

But i cannot find the lures. I created some special lures for high privilege personas and placed them into {HOME}\ and a filepath beneath that.

But i cannot find the files (show hidden is on). Are the folders also created by deception?

It's 5 days now - so time should also not be the problem.

 

How to troubleshoot?

 

BR

Stephan

4 Replies
Anyone can help with this? Still not deployed on clients.
I had the same problem when I tried the deception features , sad to see it still exists. Actually, kind of annoying. Why release a preview feature that doesn't perform the basic function?
From the date of the file it was placed @ 09-19-2024 - so it took about 10 days. But it is there now.
Wow. That's bizarre. I certainly did not wait long enough then. Thanks for sticking it out, I will give it another try.