Configuring the Breach Monitor

Our paid subscribers have access to create stored searches that run overnight on a daily basis against the data collected from our breach scraper services.  

To access this functionality, click on an option called "Breach Monitor" in the left menu:



Clicking on the Breach Monitor link will take you to the configuration page where you can set up and manage these stored search terms.

Understanding the Add Monitor Terms functionality

The "Add Monitor Terms" function presents four key "Monitor Type" options:

  • IP Address
  • Case-insensitive Phrase
  • Email Domain 
  • Domain Name (no sub-domains)

The selection of one of these "Monitor Types" dictates the approach of the custom search routine that runs.  In simple terms:

  • Choosing "Email Domain" will only pull out instances of the domain that are preceded by an @ sign, indicative of an e-mail address
  • Choosing IP Address or Domain Name (no sub-domains) will look for an exact match, and as the name suggests will exclude sub-domain by default (so searching for will not return entries for
  • Case-insensitive Phrase will return all matches of the phrase

Note that you can also use wildcards in these search routines.  The * wildcard will result in sub-domains being included, and any partial matches also being included.  For example:

  • * will return as well as and anything else ending in the suffix.

Common use cases
The following are the most common use cases that are currently deployed:

  1. Domain Name: *<yourdomain>  (where <yourdomain> is or similar) - This is a simple wildcard search against the domain, will return every record in the database with your domain in it, including email addresses, and capturing all subdomains.
  2. Email Domain: <youremaildomain>  (where <youremaildomain> is or siliar; you don't need the @ sign) - This will pick up any appearance of a <something>@<youremaildomain>.  This will be a sub-set of the results returned from the above wildcard search.
  3. Case-insensitive Phrase: <secret-project-name> This will pick up any appearance of the secret project name in the data dumps.  Relies heavily on the uniqueness and rarity of the secret project name to avoid masses of false positives.

What happens after the search runs?
Every night, the breach monitor search runs against the data found that day.  The results are emailed directly to our subscribers each morning.