Plant realistic documents across your infrastructure — config files, database exports, credential sheets. When anyone opens them, you get an instant alert with their IP address and user agent.

[ALERT] kubeconfig.yaml accessed!
IP: 203.0.113.42
User Agent: curl/7.88.1
Time: 2026-03-22 08:15:33 UTC

[ALERT] production-backup.sql opened!
IP: 198.51.100.17
User Agent: Chrome/120 (Linux)
Time: 2026-03-22 12:44:09 UTC

[ALERT] client-list.xlsx downloaded!
IP: 10.0.3.88 (Internal)
User Agent: Edge/120 (Windows 11)
Time: 2026-03-22 15:22:41 UTC

Monitoring sensitive files...

.docx files with embedded tracking. Indistinguishable from real documents.
.xlsx files that phone home when opened. Perfect for financial decoys.
PDF documents that alert on open. Use for contracts, reports, policies.
YAML, JSON, TOML, .env — any text-based config format with embedded tripwire URLs.
Database export files that trigger when accessed. Detect backup theft.
Upload any file type. We'll embed tracking that fires when the file is opened or downloaded.
Strategic placement for maximum detection coverage.
S3, GCS, Azure Blob — place alongside real data for maximum believability.
Network drives and shared folders employees browse daily.
Config files and credential templates in private repos.
Database dumps and system backups that shouldn't be accessed.
Export directories where sensitive data is staged.
Internal wikis and knowledge bases with sensitive-looking files.
Full forensic data on every access.
See where each access came from, geolocated with city-level precision.
Browser, OS, version — identify the exact device used.
How they found the file — direct access, search, or internal link.
Millisecond-precise timing for correlation with other events.
Tag tripwires by department, sensitivity level, or location for easy filtering.
Plant tripwire SQL dumps in backup directories. Know immediately when someone accesses production data exports.
Place decoy backups alongside real ones. Catch unauthorized access to your backup infrastructure.
Embed tripwires in config files. Detect when kubeconfig, .env, or database.yml files are accessed.
Place decoy contracts, financial reports, and HR documents. Create a verifiable access audit trail.
Plant tripwire files in shared repositories and vendor-accessible storage. Detect third-party snooping.
Choose your file type and give it a realistic filename. We create a document with invisible tracking embedded.
Drop the file in cloud storage, shared drives, repos, or backup directories — anywhere you want to monitor.
The moment anyone opens or downloads the file, you get a full access report with IP, user agent, and timing.
Document tripwires are free on all plans. Start monitoring file access in minutes.