Always Free · No Registration Required

Tripwire Documents

Plant trackable documents that look like sensitive files. When someone opens them — whether a malicious insider or an attacker with stolen access — you'll know immediately.

Create Free Tripwire See How It Works

Trackable Document Types

Create tripwire versions of common file types that alert you when opened.

Kubernetes

Kubeconfig Files

Kubernetes config files that detect when attackers try to access clusters.

  • Triggers when kubectl is used
  • Captures client IP and timing

Word Documents

HR documents, internal memos, strategy docs.

  • Triggers on document open
  • Compatible with Microsoft Word

Excel Spreadsheets

Salary data, customer lists, financial models.

  • Fires when spreadsheet loads
  • Works with Excel and compatible apps

Tripwire URLs

Fake password reset links, internal wiki pages, API endpoints.

  • Instant alert on click
  • Custom domains available

How It Works

Deploy tripwire documents in minutes. No agents, no complex setup.

1

Create a Tripwire

Choose your document type and give it a realistic name. We generate a trackable file ready for deployment.

2

Plant It

Drop the tripwire in file shares, cloud storage, email attachments, or anywhere a curious attacker might look.

3

Get Alerted

When someone opens the document, you get an instant alert with their IP address, location, and timing.

Where to Deploy Canaries

File Shares & Cloud Storage

  • S3 buckets, Google Drive, SharePoint
  • Network file shares (SMB/CIFS)
  • Dropbox, Box, OneDrive

Developer & IT Environments

  • Internal wikis (Confluence, Notion)
  • Documentation sites
  • Password manager entries

Email & Communications

  • Email attachments (test for BEC)
  • Shared mailboxes
  • Fake "password reset" links in test emails

Insider Threat Detection

  • HR folders (salary data, termination lists)
  • Executive file shares
  • M&A / confidential project folders

What You'll See

When a tripwire document is opened, you get instant, actionable intelligence.

Tripwire Alert: prod-cluster.kubeconfig accessed
Document: prod-cluster.kubeconfig
Opened at: 2025-01-13 14:23:41 UTC
Source IP: 185.234.xx.xx
Location: Moscow, Russia
ASN: AS12345 - SuspiciousHost Ltd
User Agent: Adobe Acrobat Reader
Tor Exit: Yes
VPN Detected: Likely

Know When Your Documents Are Stolen

Deploy tripwire documents in minutes. Included in all plans starting at £49/month.

Start Free Trial View Pricing