When used the honey token might make a GET HTTP call to a public facing URL or IP. What is a Honey Token? A honey token is a digital artifact like a Word Document, Windows Folder, or JavaScript file that when opened or accessed will act as a digital trip wire and alert you to being used. Today you can walkthrough and expand your threat detection capabilities in Azure Sentinel using Honey Tokens or in this case Canarytokens.
Ross Bevington first explained this concept for Azure Sentinel in “Creating digital tripwires with custom threat intelligence feeds for Azure Sentinel”. In addition, you can create digital trip wires and send that data to Azure Sentinel. Those sources can be firewall logs, security events, audit logs from identity and cloud platforms. With Azure Sentinel you can receive all sorts of security telemetry, events, alerts, and incidents from many different and unique sources.