Darkmon - Compromised Credentials Sweep

Polls Darkmon for compromised credentials, filters to the customer's email/web domains, dedupes via state list, and creates a 'Darkmon Compromised Credential' incident per new account. Triggered on a 4-hour Job.

Darkmon · 8 tasks · 0 inputs · 2 outputs

Outputs

  • NewAccounts — Compromised account records that triggered new incidents this run.
  • Darkmon.Compromised.Account — Raw compromised account data returned by Darkmon.

Commands used

dmontip-get-compromised

Flowchart

yes Start Start Fetch latest compromised accounts - dmontip-get-compromised Fetch latest compromised ... dmontip-get-compromised Filter to customer domains and unseen account IDs - DarkmonFilterUnseen Filter to customer domain... DarkmonFilterUnseen Create one incident per new account - DarkmonCreateIncidents Create one incident per n... DarkmonCreateIncidents Notify SOC - Darkmon - Generic Notify Notify SOC Darkmon - Generic Notify Done Done Is Darkmon integration available? - IsIntegrationAvailable Is Darkmon integration av... IsIntegrationAvailable Done Done