# Dark Web Monitoring ## Overview CybrHawk Dark Web Monitoring continuously searches underground forums, marketplaces, data dumps, and criminal infrastructure for compromised credentials, sensitive data, and mentions of your organization. Findings are ingested into the platform and correlated with SOC workflows to enable rapid detection and response to external exposures. *** ## How It Works * CybrHawk monitors a wide range of dark web sources, including credential dumps, marketplaces, forums, and paste sites. * Custom watchlists are configured for your organisation (e.g., domains, email addresses, keywords). * When matches are detected, they are collected, normalised, and ingested into the CybrHawk platform. * Results appear in dashboards and reports, and are reviewed by the SOC team. * Alerts are prioritised based on severity, e.g., valid credentials with recent breach data are treated as higher risk. * Correlation with internal telemetry highlights if exposed credentials or data are already being used in active attacks. *** ## How to Activate Dark Web Monitoring To enable Dark Web Monitoring for your organization, contact your CybrHawk representative.\ Provide a list of your email-enabled domains. Our team will configure your custom watchlist and begin monitoring immediately. *** ## Dark Web Reports All vulnerability findings are available in the **Analyst Console**, while summary reports can be exported from our **Customer Portal**. Reports include: * Discovered compromised credentials or data. * Contextual details such as breach source, date, and content type. * Severity ratings and recommendations for response. * Historical trend of exposures over time. * Export options (PDF) for offline analysis and compliance reporting. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://cybrhawksoc.gitbook.io/cybrhawk-docs/attack-surface-management/dark-web-monitoring.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.