Have I Been Pwned Integration
Created by Troy Hunt, as a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or "pwned" in a data breach. He wanted to keep it dead simple to use and entirely free so that it could be of maximum benefit to the community.
This site came about after what was, at the time, the largest ever single breach of customer accounts — Adobe. Troy often did post-breach analysis of user credentials and kept finding the same accounts exposed over and over again, often with the same passwords which then put the victims at further risk of their other accounts being compromised.
Configure Have I Been Pwned Integration
-
In the Cisco XDR navigation menu, choose Administration > Integrations.
-
On the Integrations page, click the Third-Party tab and navigate to the Have I Been Pwned integration.
-
Click the plus sign (+) in the lower-right corner of the card. The Have I Been Pwned integration page is displayed.
-
Expand the Integration Guide area and follow the instructions on how to add the Have I Been Pwned integration in Cisco XDR.
What's Next
You can perform the following tasks after you integrate Have I Been Pwned with Cisco XDR:
-
Investigations - Start a new investigation into email addresses and the results will include any records of them found in Have I Been Pwned. To verify that this integration is working, and to see what kind of data is returned, investigate one of more observables about which you know Have I Been Pwned has recent information. For details, see Investigate.