Honey File Monitoring
Basically, the honey detection strategies and actual implementations are based on what you are trying to detect, your assumptions and the risk your organization can accept. I saw many organization refuse to consider any kind of honeypot including virtual honeypot due to they think the risk are too high. So, what is something attractive to an attacker and also benefit to us as defender ?