Identity leak monitoring
Credential exposure is easier to manage when findings become cases, not spreadsheets. LuminaKite routes domain and identity searches through enabled providers, deduplicates hits and gives teams a case workflow.
Operational outcomes
Identity Leaks
- Monitor verified corporate domains, customer lists and VIP identities.
- Route searches to providers that support domain or identity queries.
- Classify exposure types such as password, hash, combo, stealer log, cookie session and access sale.
- Create cases, assign owners and track mitigation status.
Core capabilities
How the module works
Configure providers
Enable providers that support the required search types and store API keys at the appropriate scope.
Create monitored assets
Add verified domains, identity assets or customer lists that should be checked on schedule.
Run scheduled or manual searches
Jobs execute provider queries, record usage and normalize hits into findings.
Triage cases
Analysts review severity, exposure type and related evidence before closing or escalating cases.
Signals and evidence
Common use cases
Protect executive accounts
Monitor VIP identities for exposure that could lead to account takeover or targeted phishing.
Manage customer-list exposure
Track whether high-value customer identities appear in leak sources and convert findings into cases.
Measure provider value
Use provider usage and hit counts to understand which external data sources are producing useful signal.
Frequently asked questions
Can providers be controlled per plan or organization?
Yes. The platform supports provider plan policies and organization overrides, including priorities and monthly query limits.
Are identities shown in plain text?
Findings can include redacted identity fields for review while sensitive values are handled through the platform's data model and controls.
Can findings become cases?
Yes. Findings can be grouped into cases with severity, status and actions so remediation is trackable.
Does every provider support every query type?
No. Providers declare whether they support domain search, identity search or both, and routing respects those capabilities.