Mentions
The Mentions section provides visibility into how your organization, brand, or digital assets are being discussed or exposed across underground ecosystems such as dark web forums, black markets, and messaging platforms. Each mention represents a potential threat, ranging from leaked credentials and stolen data to illicit offers involving your company’s name or infrastructure.
This section acts as an early-warning system, helping analysts detect risks before they escalate. By consolidating all references in one place and equipping analysts with filters, search options, and bulk actions, the dashboard ensures that no mention is overlooked and that investigations can be prioritized effectively.
Filters and Actions
This section is located at the top of the Mentions tab, directly above the list of mention records. It provides quick filters and bulk action controls to manage all detected mentions efficiently.
All
Displays the total number of mentions detected by the system.
Includes both resolved and unresolved records.
Resolved
Shows only mentions that have been marked as addressed and closed by analysts.
The number in parentheses indicates how many are currently resolved (here: none).
Not Resolved
Filters for mentions that still require review or remediation.
For example, 26 mentions are still open.
Search Bar
A free-text search field for quickly locating specific mentions.
Analysts can enter keywords, domain names, or company references to narrow results.
Category Dropdown
Allows filtering by the classification of the mention.
Categories may include data leaks, credential sales, marketplace offers, or other threat types.
Keywords Dropdown
Provides a way to refine mentions using predefined or custom keywords.
Helps analysts isolate references tied to sensitive terms like brand names, domains, or product identifiers.
Mark All As
A bulk action button for changing the status of all mentions at once.
Options include:
Resolved → Marks all mentions as handled.
Unresolved → Reverts them to an open state if needed.
Useful when processing large volumes of mentions to maintain dashboard accuracy.
Mentions Categories
Located directly under the filters in the Mentions tab, this section divides all detected mentions into specific categories. Each category shows a number badge indicating how many mentions are currently available.
What it includes:
All Mentions
Displays the total number of mentions gathered across all sources.
Useful for analysts who want a consolidated view of every detection without filtering by source.
Telegram Mentions
Shows mentions discovered in Telegram groups and channels often used by cybercriminals.
Russians and Black Market
Focuses on underground marketplaces, including Russian-language forums and dark web shops where data is traded.
Dark Web Forums
Represents discussions or posts in hidden forums on the dark web.
Mention Record
Each mention is presented as a detailed intelligence card that consolidates all critical attributes in a structured way. This design ensures analysts not only see what was detected but also gain the necessary context, from threat actor identity to technical indicators, to properly assess risk and respond effectively.
Information Provided:
Title / Source Name – The name of the entity, company, or service referenced in the dark web mention. It identifies the target or subject of exposure.
Published Date – The exact timestamp when the mention first appeared on the underground source. This helps establish how long the data has been circulating.
Last Request – Indicates the most recent time analysts or the system requested further investigation or validation. Provides traceability for follow-up actions.
Action – Describes the adversary’s intent (e.g., Buy, Sell, Leak). This clarifies whether data is being traded, offered for free, or requested.
City / Region – Geographic indicator tied to the threat actor or the targeted data. It may hint at localization of the attack or intended victim region.
Size – The file size of the stolen or leaked data package, giving insight into its scale (e.g., small credential list vs. large corporate database).
Price – The monetary value assigned by the threat actor if the data is for sale. This shows how cybercriminals are attempting to monetize the breach.
Stealer – The malware family or infostealer used to harvest the data (e.g., Lumma, RedLine). Identifying the malware helps correlate tactics, techniques, and procedures (TTPs).
Threat Actor – The alias or handle of the attacker posting the mention. Tracking these identities helps in attribution and intelligence correlation.
Info / Outlook / Struct – Additional metadata fields where actors sometimes include descriptions, future intentions, or data structure details. Even when empty, their presence shows that the platform is prepared to capture extended context.
Detection Date – When the system first flagged the mention.
Links – Direct references (domains, IPs, services) contained in the mention. These links are critical for enrichment, investigation, and threat-hunting.
Mark As Resolved – Analysts can close the case once reviewed and handled, ensuring workflow discipline and accurate reporting.
Source Label (e.g., Russian Market Mention) – Identifies which underground channel the mention originated from, giving context about credibility and risk level.
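An added example, not part of the product or its documentation: with the card fields above copied into plain records, this Python code keeps open mentions whose Links point at hosts you own and orders them by the time between Published Date and Detection Date. The dictionary keys, the OWNED_DOMAINS list and the sample records are assumptions constructed for illustration; the page does not describe an export format.

```python
from datetime import datetime
from urllib.parse import urlsplit

# Constructed sample records; keys mirror the card fields (assumed layout).
MENTIONS = [
    {"title": "example.com", "published": "2024-03-01T08:00:00",
     "detected": "2024-03-04T10:30:00", "action": "Sell", "stealer": "Lumma",
     "links": ["https://vpn.example.com/login", "mail.example.com"], "resolved": False},
    {"title": "Example Corp", "published": "2024-03-03T12:00:00",
     "detected": "2024-03-03T18:00:00", "action": "Leak", "stealer": "RedLine",
     "links": ["http://notexample.com", "example.com.evil.test/panel"], "resolved": False},
    {"title": "example.com portal", "published": "2024-02-20T00:00:00",
     "detected": "2024-02-20T12:00:00", "action": "Sell", "stealer": "Lumma",
     "links": ["https://portal.example.com"], "resolved": True},
    {"title": "example.com SSO", "published": "2024-03-02T00:00:00",
     "detected": "2024-03-02T09:00:00", "action": "Buy", "stealer": "",
     "links": ["sso.example.com:8443"], "resolved": False},
]
OWNED_DOMAINS = {"example.com"}  # assumption: the organization's own asset list

def link_host(link):
    """Hostname of a Links entry, which may be a URL or a bare host[:port]."""
    parts = urlsplit(link if "://" in link else "//" + link)
    return (parts.hostname or "").lower()

def owned_hosts(record, owned=OWNED_DOMAINS):
    """Hosts in the record that equal an owned domain or are a subdomain of one.
    The dot-boundary check rejects lookalikes such as notexample.com."""
    hosts = {link_host(link) for link in record["links"]}
    return sorted(h for h in hosts
                  if any(h == d or h.endswith("." + d) for d in owned))

def circulating_hours(record):
    """Hours between Published Date and Detection Date."""
    published = datetime.fromisoformat(record["published"])
    detected = datetime.fromisoformat(record["detected"])
    return (detected - published).total_seconds() / 3600

def triage(mentions):
    """Open mentions that reference owned hosts, longest-circulating first."""
    rows = [(m["title"], m["action"], m["stealer"],
             round(circulating_hours(m), 1), owned_hosts(m))
            for m in mentions if not m["resolved"] and owned_hosts(m)]
    return sorted(rows, key=lambda row: row[3], reverse=True)

if __name__ == "__main__":
    for row in triage(MENTIONS):
        print(row)
```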
Request to Investigate
Used to escalate a mention directly to our investigation team, enabling deeper analysis and the collection of extended intelligence beyond what is automatically displayed by the system.