LúminaKite
Credential exposure

Identity leak monitoring

Credential exposure is easier to manage when findings become cases, not spreadsheets. LuminaKite routes domain and identity searches through enabled providers, deduplicates hits and gives teams a case workflow.

Operational outcomes

Identity Leaks

  • Monitor verified corporate domains, customer lists and VIP identities.
  • Route searches to providers that support domain or identity queries.
  • Classify exposure types such as password, hash, combo, stealer log, cookie session and access sale.
  • Create cases, assign owners and track mitigation status.

Core capabilities

Asset coverage
Create leak-monitoring assets for domains, uploaded customer lists and high-risk identities.
Provider routing
Resolve effective providers by capability, plan policy, organization overrides and available API keys.
Finding deduplication
Normalize hits into findings with redacted identity, exposure type, source label, confidence and timestamps.
Case workflow
Group findings into cases with severity, status, assignees, notes and mitigation actions.
Provider governance
Platform administrators can manage external providers, plan policies, priorities, query limits and organization overrides.

How the module works

1

Configure providers

Enable providers that support the required search types and store API keys at the appropriate scope.

2

Create monitored assets

Add verified domains, identity assets or customer lists that should be checked on schedule.

3

Run scheduled or manual searches

Jobs execute provider queries, record usage and normalize hits into findings.

4

Triage cases

Analysts review severity, exposure type and related evidence before closing or escalating cases.

Signals and evidence

identity redaction and target domain
provider and source label
exposure type and confidence
first seen and last seen timestamps
case status, assignee and mitigation action

Common use cases

Protect executive accounts

Monitor VIP identities for exposure that could lead to account takeover or targeted phishing.

Manage customer-list exposure

Track whether high-value customer identities appear in leak sources and convert findings into cases.

Measure provider value

Use provider usage and hit counts to understand which external data sources are producing useful signal.

Frequently asked questions

Can providers be controlled per plan or organization?

Yes. The platform supports provider plan policies and organization overrides, including priorities and monthly query limits.

Are identities shown in plain text?

Findings can include redacted identity fields for review while sensitive values are handled through the platform's data model and controls.

Can findings become cases?

Yes. Findings can be grouped into cases with severity, status and actions so remediation is trackable.

Does every provider support every query type?

No. Providers declare whether they support domain search, identity search or both, and routing respects those capabilities.

Related modules