Have I Been Pwned latest breach detected

This rule is part of a beta feature. To learn more, contact Support.
have-i-been-pwned

Classification:

attack

Tactic:

TA0006-credential-access

Technique:

T1552-unsecured-credentials

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Goal

Detect breaches reported by Have I Been Pwned, and enable timely triage and remediation based on severity.

Strategy

Monitor incoming breaches that contain the targeted email field to assess the impact and initiate security actions such as user notification, password resets, and incident escalation.

Triage and Response

  1. Review the breach details {{@Name}} on {{@BreachDate}} to confirm the exposure and its recency.
  2. Validate the targeted email {{usr.email}} against active user accounts and check recent login activity for anomalies.
  3. Reset credentials, revoke active sessions, notify user and SOC team, or log for monitoring.