
Domain Scanner: Darknet Intelligence Tab

Overview

The Darknet Intelligence tab in TRaViS EASM, located under the Domain Scanner section of the left navigation menu, provides a detailed analysis of exposed data and potential threats found on the dark web for a specific domain (example.com in this walkthrough). The tab leverages darknet monitoring to identify sensitive information such as passwords, breach data, and other compromised credentials or assets. Designed for Security Operations Center (SOC) teams, this page enables users to detect and respond to data exposures, mitigate risks, and enhance the domain’s security posture.

Note

Due to the sensitive nature of the data (e.g., exposed passwords, breach data), specific details will not be documented. The description will focus on the structure, functionality, and general purpose of the tab, ensuring compliance with confidentiality requirements.


Page Layout

The Darknet Intelligence tab is structured to deliver actionable insights into dark web exposures, with a clear and organized layout. The page includes:

  • Header Metrics Panel: Summarizes key darknet intelligence metrics.
  • Alert Data with Email Search: Displays alerts associated with email searches.
  • Active Alert Triage Tools: Provides tools for prioritizing and reviewing active alerts.
  • Navigation and Export Tools: Offers options for data management and reporting.

Key Features and Capabilities

Header Metrics Panel: Darknet Exposure Summary

The header section provides a snapshot of critical darknet intelligence metrics, enabling users to assess the domain’s exposure on the dark web.

  • Active Alerts:
    • Displays the number of active alerts (e.g., 1464 for example.com).
    • Benefit: Highlights the current number of unresolved exposures or threats requiring attention.
  • Employee Email Exposure:
    • Shows the number of individual exposures on the dark web (e.g., 71194 for example.com).
    • Benefit: Indicates the scale of email-related data leaks, aiding in prioritizing mitigation efforts.
  • Historic Alerts:
    • Lists the total number of dark web threats recorded historically (e.g., 1464 for example.com).
    • Benefit: Provides a historical context of threats, helping users track trends over time.

User Value: This panel offers a high-level overview of the domain’s dark web exposure, enabling users to prioritize incident response and resource allocation.


Alert Data with Email Search: Exposure Details

The main section of the page features a table listing alerts associated with email searches, providing details about potential exposures.

  • Columns:
    • ID: Lists a unique identifier for each alert (e.g., 1797999, 1797914).
      • Benefit: Provides a reference for tracking and managing individual alerts.
    • Alert Data: Displays the type or source of the alert (e.g., "Bulk Ingestion" with specific file or data identifiers).
      • Benefit: Indicates the origin or context of the exposure (e.g., breach data, leaked files), though specific details are omitted.
    • Email: Lists associated email addresses (e.g., placeholder data like drasax.madukir@pc.com).
      • Benefit: Identifies specific email accounts exposed on the dark web, enabling targeted remediation.
  • Data Examples:
    • Alerts with IDs like 1797999 and 1797914 are listed under "Bulk Ingestion" with associated email addresses (placeholders shown).
    • The table suggests multiple entries, indicating a variety of exposed data points.
    • Benefit: Allows users to correlate alerts with specific email accounts, facilitating investigation and response to sensitive data leaks.
  • Features:
    • Search Bar: Allows users to search for specific alerts or email addresses.
      • Benefit: Enhances usability by enabling quick lookup of relevant exposures.
    • Pagination: Supports navigation through multiple pages of alert data (e.g., Previous/Next buttons with 10 of 547 entries shown).
      • Benefit: Ensures scalability for domains with extensive darknet findings.

User Value: The Alert Data with Email Search section provides a detailed view of dark web exposures linked to email addresses, enabling users to identify and address specific incidents.


Active Alert Triage Tools: Prioritization and Response

The bottom section of the page features a table and tools for triaging active alerts, helping users prioritize and respond to threats.

  • Columns:
    • ID: Lists a unique identifier for each active alert (e.g., 1738033, 1737999).
      • Benefit: Provides a reference for tracking and managing active alerts.
    • Status: Indicates the status of the alert (e.g., "Active").
      • Benefit: Shows which alerts are currently unresolved, requiring immediate attention.
    • Date: Displays the date and time the alert was detected (e.g., Wed, 29 Nov 2024 17:31:01 GMT).
      • Benefit: Provides a timeline for tracking the recency of exposures.
    • Triage: Offers a "View" link for each alert.
      • Benefit: Allows users to drill down into detailed information about the alert (e.g., breach data specifics).
    • Result: Displays the triage result (e.g., "Good" in green, "Bad" in red).
      • Benefit: Provides a quick visual assessment of the alert’s severity or resolution status.
    • Action: Offers action buttons (e.g., red "Bad" buttons).
      • Benefit: Enables users to take immediate action, such as marking an alert as resolved or escalating it.
  • Data Examples:
    • Alerts with IDs like 1738033 and 1737999 are marked "Active," detected on various dates in November 2024, with triage results alternating between "Good" and "Bad."
    • The presence of red "Bad" buttons suggests unresolved or critical issues.
    • Benefit: Facilitates prioritization by highlighting active threats and providing actionable triage options.
  • Features:
    • Search Bar: Allows users to search for specific alerts or statuses.
      • Benefit: Enhances usability by enabling quick filtering of active alerts.
    • Pagination: Supports navigation through multiple pages of triage data (e.g., Previous/Next buttons with 10 of 547 entries shown).
      • Benefit: Ensures scalability for domains with numerous active alerts.
    • Export Options (CSV, PDF): Located above the table.
      • Benefit: Enables users to export triage data for detailed reporting or third-party analysis.

User Value: The Active Alert Triage Tools section empowers users to prioritize, investigate, and respond to dark web exposures efficiently, with visual cues and actionable options.


Navigation and Export Tools

The page includes tools for managing and sharing data:

  • Export Options (CSV, PDF):
    • Located above the Alert Data and Active Alert Triage tables.
    • Benefit: Allows users to generate reports for audits, compliance, or team collaboration.
  • Pagination:
    • Supports navigation through multiple pages of data (e.g., Previous/Next buttons with 547 total entries).
    • Benefit: Ensures scalability for domains with extensive darknet findings.
  • Left Navigation Menu:
    • Includes links to other TRaViS features (e.g., Dashboard, CVE Intelligence, Domain Scanner).
    • Benefit: Provides seamless access to additional tools and views within the TRaViS platform, with the Domain Scanner section expanded to show the Darknet Intelligence tab.

User Value: These tools enhance usability by enabling data export, efficient navigation, and integration with other TRaViS features.


Benefits for Security Teams

The Darknet Intelligence tab for example.com offers several key benefits:

  • Dark Web Exposure Detection: Identifies sensitive data (e.g., passwords, breach data) exposed on the dark web, providing early warning of potential threats.
  • Actionable Alerts: Lists alerts with email correlations and triage options, enabling targeted response to exposures.
  • Prioritization: Offers visual triage tools (e.g., "Good" vs. "Bad") to focus on critical issues.
  • Scalability: Handles large datasets with pagination and search capabilities, ensuring usability for extensive findings.
  • Proactive Security: Enables users to mitigate dark web threats before they are exploited, enhancing the domain’s security posture.

Conclusion

The Darknet Intelligence tab in TRaViS EASM, located under the Domain Scanner section, is a powerful tool for monitoring and responding to dark web exposures for a domain. By providing detailed alert data, triage tools, and efficient navigation options, it empowers security teams to detect, prioritize, and address sensitive data leaks (e.g., passwords, breach data) effectively. This documentation will continue to expand as additional pages and features are explored, with sensitive details omitted to respect confidentiality.


