Have I Been Pwned latest breach detected

This rule is part of a beta feature. To learn more, contact Support.

Goal

Detect breaches reported by Have I Been Pwned, and enable timely triage and remediation based on severity.

Strategy

Monitor incoming breaches that contain the targeted email field to assess the impact and initiate security actions such as user notification, password resets, and incident escalation.

Triage and Response

  1. Review the details of the breach {{@Name}}, dated {{@BreachDate}}, to confirm the exposure and its recency.
  2. Validate the targeted email {{usr.email}} against active user accounts and check recent login activity for anomalies.
  3. Reset credentials, revoke active sessions, notify the user and the SOC team, or log the event for monitoring.
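
The three triage steps above can be expressed as one decision function. This is an added example, not part of the rule or of any vendor code: the `DataClasses` attribute on the event, the directory layout, the 365-day recency cut-off, and the action names are all assumptions made for illustration.

```python
from datetime import date

RECENT_DAYS = 365  # assumed cut-off for treating a breach as recent
# Constructed directory: account state plus (login date, country) history.
DIRECTORY = {
    "alice@example.com": {"active": True, "logins": [(date(2024, 1, 10), "FR"), (date(2024, 4, 2), "BR")]},
    "bob@example.com": {"active": True, "logins": [(date(2024, 1, 5), "US"), (date(2024, 4, 1), "US")]},
    "carol@example.com": {"active": False, "logins": []},
}
# Constructed breach event; DataClasses is assumed to be present on the log.
EVENT = {"Name": "ExampleBreach", "BreachDate": "2024-03-01",
         "DataClasses": ["Email addresses", "Passwords"],
         "usr": {"email": "Alice@example.com"}}

def has_login_anomaly(logins, breach_date):
    """True if a login after the breach came from a country never seen before it."""
    known = {country for day, country in logins if day <= breach_date}
    if not known:  # no pre-breach baseline, so nothing to compare against
        return False
    return any(day > breach_date and country not in known for day, country in logins)

def triage(event, directory, today):
    """Return the ordered response actions for one breach event."""
    # Step 2: match the targeted email against active accounts (case-insensitive).
    email = event["usr"]["email"].strip().lower()
    account = directory.get(email)
    if account is None or not account["active"]:
        return ["log_for_monitoring"]
    # Step 1: confirm what was exposed and how recent the breach is.
    breach_date = date.fromisoformat(event["BreachDate"])
    recent = (today - breach_date).days <= RECENT_DAYS
    passwords = "Passwords" in event.get("DataClasses", [])
    # Step 3: pick the response; anomalous logins escalate to the SOC.
    if has_login_anomaly(account["logins"], breach_date):
        return ["reset_credentials", "revoke_sessions", "notify_user", "notify_soc"]
    if passwords and recent:
        return ["reset_credentials", "revoke_sessions", "notify_user"]
    if passwords:
        return ["reset_credentials", "notify_user"]
    return ["notify_user", "log_for_monitoring"]

if __name__ == "__main__":
    print(triage(EVENT, DIRECTORY, date(2024, 6, 1)))
```

An account with no login history before the breach date has no baseline, so the function does not flag it as anomalous; such accounts fall through to the exposure-based branches.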