When you use our online services or downloaded tools, as part of the service offering, we collect the personal information you give us such as your name, userid, IP address and email address.
EndPoint Scanning Tool: The EPST collects the hostname, internet address, internal IP address, running username, as well as metadata on any suspected malware hits. Sightings (the indicator name and metadata) and the contents of the epstresults.json or trace.log are uploaded back by default. Retention: These results are deleted after 90 days. File hits from hashes or Yara signatures may be uploaded if the file is less than 10 Mb in EPST tool version 1.1 or greater. A list of any files uploaded to us will be recorded in detected.txt. Files are retained for 90 days unless "Send to Scanners" is clicked sending the file to the malware scanning service. You may opt-out of automatic file content sharing by including an empty file .DoNotSendSamples in the same directory as the tool and signatures.
EndPoint Scanning Tool Communications: 32bit and 64bit will communicate with endpoint.cancyber.org using SSL encryption and your authorized tool key. The XP/2003 version will download signatures and upload hits using plaintext HTTP and transmits your tool key over plaintext.
ZEEK Network Module: The Zeek/BRO Module collects packet header information for indicator hits and certain status information.
When an indicator hit occurs in the Zeek intelligence Framework transmits the hit item and location of hit (Intel hit on bad domain.com at DNS::IN_REQUEST), Bro node, Bro session uid, source IP+port+method, destination IP+port+method, direction if known, and the session size of the originator and responder. HTTP hits include the full URL, method, and hostname. HTTPS include the SNI hostname requested by the client and the remote certificate issuer field. SMTP hits may include the Receipt-to addresses, From address and Subject envelope information. DNS hits include the record type requested. Retention: These results are deleted after 90 days.
Content Signature Framework matches also report up to 2000 bytes of the captured packet/session. Retention: These results are deleted after 90 days.
General status information included in indicator download requests: External IP address, Zeek version, CanCyber module version, and packet statistics such as dropped packets, packets received, packets on the link, and bytes received.
Zeek/BRO Network Module Communications: will communicate with endpoint.cancyber.org using SSL encryption and your authorized tool key.
Slack: Use of, and messages posted on our private member-only Slack team are under the terms and conditions provided by Slack and outside of CanCyber Foundation control.
Deletion requests: We will honour any deletion requests from member organizations for any reason or 3rd parties that feel their data may have been inadvertently recorded by our scanning tools. All scanning and network monitoring results are deleted after 90 days.
Malware Scanning: Malware samples submitted through the web or email submission address or manually sent from the EPST Result portal for analysis are processed by internal systems, commercial analysis appliances, and by contracted 3rd parties. Submitted files may be shared by the commercial and 3rd parties for cyber defensive purposes and retained indefinitely. Deletion requests: We will make every effort to delete samples and reports from our systems which contain proprietary or sensitive content, however, we cannot control the storage of third parties after a sample has been processed.
Network appliance: the network appliance comes preinstalled with the CanCyber Zeek module. Optional pcap recording of recent full content network traffic can be optionally stored locally (usually up to the last 8GB). The appliance can be either remotely managed through a reverse shell accessed by CanCyber staff only, or can be managed by the user. See the terms of service for limited liability disclaimer. Remotely managed clients consent to CanCyber staff reviewing available pcap to confirm, evaluate and debug sightings. Warning: The CanCyber Zeek module is designed to detect known APT and other threats and is not a complete intrusion detection system or a replacement for commercial monitoring.
When you browse our site, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
Email marketing (if applicable): With your permission, we may send you emails about our services, news and other updates.
How do you get my consent?
When you provide us with personal information we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at the address below.
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
Anonymized usage (without victim identifiers except Country, Province, and Sector) from sightings or from usage of the CanCyber tools may be shared with other members to provide top hits, a snapshot of recent activity, or feedback/validation of indicators and signatures provided.
Our online services are hosted at Amazon, Inc. They provide us with the online platform that allows us to offer our products and services to you.
Your data is stored in Amazon’s data storage, databases and other services. while we make every effort to use Canadian storage, some services may store or transmit your data through the United States or other countries.
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
Here is a list of cookies that we use. We’ve listed them here so you can choose if you want to opt-out of cookies or not.
_session_id, unique token, sessional, Allows us store information about your session
_CAKE_PHP, unique token, sessional, used by MISP
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to offer products and services to you.
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at the general contact address below.