Skip to main content

Playbook 1: Account footprint

  1. Start with username and email searches.
  2. Correlate overlaps across modules.
  3. Build a timeline from key events.
  4. Export findings for reporting.

Playbook 2: Infrastructure mapping

  1. Start from a domain.
  2. Expand to DNS, subdomains, and linked IPs.
  3. Analyze geolocation and hosting context.
  4. Track changes with monitoring alerts.

Playbook 3: Breach triage

  1. Search by email or username.
  2. Review available leak providers (plan dependent).
  3. Score exposure severity.
  4. Escalate with timeline and evidence exports.

Good practice

  • Keep each case in a dedicated project.
  • Add attachments and notes as evidence.
  • Use monitoring to detect new signals after initial analysis.