Compromise Monitor

Modified on Thu, 12 Sep at 6:30 PM


Note: Users are automatically added to Compromise Monitor when they are invited to a Samurai XDR account. Additional ad hoc accounts cannot be added at this point in time.


Compromise Monitor uses curated threat intelligence gathered by the NTT Security Holdings Global Threat Intelligence team.

The information covers only identified data leaks and compromises involving email addresses registered in Samurai XDR.


Sources include the dark web, the deep web and open-source communities.


You can find this handy new feature in our Tools menu.


Log in to Samurai XDR and navigate to the Tools menu on the sidebar. Select the Tools icon.


Once Tools is selected you will see the dashboard tile "Compromise Monitor".

This high-level view will show you the following statistics:

The number of Samurai user accounts that are known to have been compromised.

The total number of Samurai users that are monitored (equals the number of users in the account).



To expand the detailed view, click the arrow in the top right of the dashboard tile, as highlighted in the figure above.


The detailed view shows when the content was last updated. The update cycle is 24 hours (daily).

The view below shows no user accounts compromised.


The table shown above will include the following items when a compromise has been detected:

Filtered under the user email (this corresponds to the user account used to access Samurai XDR):

Source - the source of the compromise discovery, that is, the site that published the exposure information

Detail - the web site that was compromised or the details of the leak

Description - further information about the leak, such as discovery dates or scope of breach

Date - the date of the compromise

Type - the type of exposure, e.g. Leak

Compromised data - the data that was obtained or leaked, such as email password (hashed or not), name, etc.


The Samurai XDR platform does not store PII (personally identifiable information), including passwords or hashes. Only the context of the reported leak is included, not the actual leaked information.