CanaryPulse

CanaryPulse is a lightweight threat-detection web app + endpoint agent that focuses on one thing most teams miss: early lateral movement and credential misuse inside the network. Instead of trying to be a full SIEM, it deploys decoy “canary” assets (fake admin shares, service accounts, API keys, RDP targets) and watches for any touch, then correlates that with endpoint and identity signals to produce a high-confidence alert. The product is built for small security teams that are drowning in noisy EDR/SIEM alerts and can’t tune detections for months. Setup is intentionally opinionated: a guided wizard, sane defaults, and a short list of alerts that are hard to ignore. It integrates with Microsoft 365/Azure AD, Okta, and common EDRs to enrich alerts and provide a simple investigation timeline. It won’t replace enterprise platforms, but it can materially reduce time-to-detect on real intrusions.