❶ Purpose of the Breaches module
The Breaches module helps you identify when (professional) email addresses appear in a data breach or an infostealer, then alert the people concerned so they can take the right steps (e.g. change their password, enable MFA).
❷ Breaches & infostealers: what are we talking about?
Data breach: leak of information (credentials, emails, passwords, etc.) from a compromised third-party service.
Infostealer: malware capable of stealing information (sessions, passwords, browser data, etc.) and exfiltrating it.
❸ What you see as an administrator
From the Breaches module, you access a dashboard listing all detected alerts.
You can filter by:
criticality
status
date
❹ What employees see
In their portal, each employee finds a summary of the breaches detected for their email addresses.
Breaches linked to a professional address can be tracked in Riot.
Breaches linked to a personal address (if the option is enabled) remain private: only the person concerned is notified.
Employees can:
view the breaches associated with their addresses
mark a breach as "resolved"
earn the associated Karma points
❺ The 2 alert modes (automatic vs manual)
There are two ways to notify the people concerned:
Automatic alert (recommended): Albert automatically notifies the people concerned when a new breach/infostealer is detected.
Manual alert: an admin triggers a notification from a specific breach (useful if you want to choose the right moment, add internal context, etc.).
Key takeaways
The module is used to detect and inform quickly.
Employees are encouraged to take action and close the alert once done.
