Configuring the Breaches module (admin)
The Breaches module offers 2 main settings to define how (and to whom) alerts are sent.
❶ Enable automatic notifications (recommended)
Objective: quickly alert the people concerned when a new breach / infostealer is detected.
Enable the Notifications option
When a detection occurs, employees concerned are notified immediately by Albert (Riot recommendation)
Why it's useful:
reduces reaction time
improves adoption of best practices (MFA, password changes, etc.)
reduces the risk of reusing compromised credentials
❷ Enable personal address monitoring (recommended)
Objective: allow employees to add one (or more) personal email address(es) to monitor.
Enable the Personal address monitoring option
Each employee can then choose to activate (or not) monitoring of their personal addresses
Important:
You have no visibility on alerts related to personal addresses.
These alerts are anonymous on the admin side.
Only the person concerned is notified (via Albert and/or their portal).
❸ Manually send an alert on a breach
In addition to automatic notifications, you can trigger a notification on a specific breach:
Open a breach/infostealer in the Breaches module.
In the details panel, click on Inform employees.
Choose: all affected employees, or a manual selection.
Good to know: from this panel, you have access to additional information (origin, number of people affected, etc.).
❹ Launch a phishing campaign from a breach (Optional)
You can also directly from a breach:
create a phishing campaign: the audience is pre-selected with the affected people
an AI-generated template can be suggested
Configuration recommendation
Enable Notifications to automate alerts via Albert.
Enable Personal email monitoring to extend protection, while maintaining the confidentiality of personal addresses.