When threat actors steal account credentials, they often post a portion of the information on the Dark Web, initially offering it for sale. After several months, the entire data set is likely to be available.

You can use the Bolster Dark Web module to detect compromised accounts that surface on the Dark Web sites monitored by Bolster.

Step 1: Add Search Terms

To catch mentions of compromised accounts, you can look for Breach Data For Sale containing your email domain.

Click Submit to start your new search.

Step 2: Confirm Search Results

Your search launches immediately after you submit it. Once it is done, you can review the Active Findings list to confirm that you are identifying the intended information.

You can use a filter to quickly show only the findings related to the search you created in step 1.

Click Apply to confirm that your search is netting the results you intended.

Click an entry to review the sensitive information detected.

Step 3: Create a Playbook

Once you confirm that the information is of interest, you can create a playbook to automatically route information from this search on a regular basis.

A well-formed playbook will filter out the noise and irrelevant findings, leaving the primary findings to focus on.

In this case, the playbook might:

  • include results from the last 2 days
  • show emails that include your email domain
  • collect the results of the search you created
  • send a CSV to the configured Slack channel every Monday
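Once the weekly CSV arrives, the same filters can be re-applied locally with stricter matching before acting on the list. The script below is an added example, not Bolster code: the column names (`email`, `category`, `detected_at`), the domain `example.com` and the sample rows are all constructed assumptions. It matches the domain exactly (or as a subdomain) so that lookalike domains containing your domain as a substring are dropped, and it de-duplicates the affected accounts.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

DOMAIN = "example.com"          # assumption: your email domain
MAX_AGE = timedelta(days=2)     # same window as the playbook

# Constructed sample export; the column names are hypothetical.
SAMPLE_CSV = """email,category,detected_at
alice@example.com,Breach Data For Sale,2024-05-06T08:00:00+00:00
Alice@Example.com,Breach Data For Sale,2024-05-06T09:30:00+00:00
bob@mail.example.com,Breach Data For Sale,2024-05-05T12:00:00+00:00
carol@notexample.com,Breach Data For Sale,2024-05-06T10:00:00+00:00
dave@example.com.evil.test,Breach Data For Sale,2024-05-06T10:00:00+00:00
erin@example.com,Breach Data For Sale,2024-04-01T00:00:00+00:00
"""

def in_domain(email, domain):
    """True only for the domain itself or one of its subdomains."""
    local, sep, host = email.strip().lower().rpartition("@")
    return bool(local and sep) and (host == domain or host.endswith("." + domain))

def affected_accounts(csv_text, domain, now, max_age=MAX_AGE):
    """Return sorted unique addresses in `domain` detected within `max_age` of `now`."""
    accounts = set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        seen = datetime.fromisoformat(row["detected_at"])
        if now - seen > max_age:
            continue  # older than the playbook window
        if in_domain(row["email"], domain):
            accounts.add(row["email"].strip().lower())  # case-insensitive de-dup
    return sorted(accounts)

if __name__ == "__main__":
    now = datetime(2024, 5, 6, 12, 0, tzinfo=timezone.utc)  # constructed "now"
    for account in affected_accounts(SAMPLE_CSV, DOMAIN, now):
        print(account)
```

The resulting list is the set of accounts to prioritize for password resets and session revocation.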