In the Deep & Dark Web workspace, we have a lot of different use cases and incident types. Now this is reflected in the ticket type field and, consequently, customers have the power to manage user permissions according to the types of tickets they can view and act on.
This also gives a lot of flexibility to improve the experience for each type of ticket, allowing to easily create new display rules, actions that can be taken, and more. And it even makes the Deep & Dark Web workspace the same standard as the others.
The ticket types:
Data exposure in messaging app:
All tickets that have content containing exposed credit card or exposed credentials;
Ticket with reference from WhatsApp, Telegram, and Discord;
Data exposure in website:
All tickets that have content containing exposed credit card or exposed credentials;
Ticket with reference URL - Darknet, Forums, Markets, etc.;
Data sale in messaging app:
All tickets that have content containing data sale, except for those also containing exposed credit card or exposed credentials;
Ticket with reference from WhatsApp, Telegram, and Discord;
Data sale in website:
All tickets that have content containing data sale, except for those also containing exposed credit card or exposed credentials;
Ticket with reference URL - Darknet, Forums, Markets, etc.;
Fraud tool or scheme in messaging app:
All tickets that have content containing fraud tools, except for those also containing data sale, exposed credit card, or exposed credentials;
Ticket with reference from WhatsApp, Telegram, and Discord;
Fraud tool or scheme in website:
All tickets that have content containing fraud tools, except for those also containing data sale, exposed credit card, or exposed credentials;
Ticket with reference URL - Darknet, Forums, Markets, etc.;
Suspicious activity in messaging app:
All tickets that have content containing suspicious messages, automatic bot messages, personal data consultation via BIN, personal data consultation via CPF, and without content, except for those also containing fraud tools, data sale, exposed credit card or exposed credentials;
Ticket with reference from WhatsApp, Telegram, and Discord;
Suspicious activity in website:
All tickets that have content containing suspicious messages, automatic bot messages, personal data consultation via BIN, personal data consultation via CPF, and without content, except for those also containing fraud tools, data sale, exposed credit card or exposed credentials;
Ticket with reference URL - Darknet, Forums, Markets, etc.;
Infrastructure exposure
Previously classified as Vulnerability.
Ransomware Attack Alert
All tickets generated as a result of ransomware groups announcing new victims;
Ticket with reference to the group, victim, and date of attack.
11. Deep & Dark Web Activity
Although no longer in use, it's important to remember that there may be legacy tickets of the type Deep & Dark Web Activity, which was the only type of ticket in the corresponding workspace for a significant period. These tickets documented any suspicious activity found on the deep & dark web.
If you have any questions, feel free to reach out at [email protected] 😊