Have I Been Pwned latest breach detected

This rule is part of a beta feature. To learn more, contact Support.
have-i-been-pwned

Classification:

attack

Tactic:

TA0006-credential-access

Technique:

T1552-unsecured-credentials

Esta página aún no está disponible en español. Estamos trabajando en su traducción.
Si tienes alguna pregunta o comentario sobre nuestro actual proyecto de traducción, no dudes en ponerte en contacto con nosotros.

Goal

Detect breaches reported by Have I Been Pwned, and enable timely triage and remediation based on severity.

Strategy

Monitor incoming breaches that contain the targeted email field to assess the impact and initiate security actions such as user notification, password resets, and incident escalation.

Triage and Response

  1. Review the breach details {{@Name}} on {{@BreachDate}} to confirm the exposure and its recency.
  2. Validate the targeted email {{usr.email}} against active user accounts and check recent login activity for anomalies.
  3. Reset credentials, revoke active sessions, notify user and SOC team, or log for monitoring.