Skip to main content

Darkmon - Compromised Credentials Sweep

This Playbook is part of the Darkmon Pack.#

Supported versions

Available on Cortex XSOAR (versions 6.8.0 and later).

Polls Darkmon for compromised credentials, filters to the customer's email/web domains, dedupes via state list, and creates a 'Darkmon Compromised Credential' incident per new account. Triggered on a 4-hour Job.

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

  • Darkmon - Generic Notify

Integrations#

  • Darkmon

Scripts#

  • DarkmonCreateIncidents
  • DarkmonFilterUnseen

Commands#

  • dmontip-get-compromised

Playbook Inputs#

There are no inputs for this playbook.

Playbook Outputs#

PathDescriptionType
NewAccountsCompromised account records that triggered new incidents this run.unknown
Darkmon.Compromised.AccountRaw compromised account data returned by Darkmon.unknown
Edit this page
Report an Issue