# Breach detection

Breach Detection continuously monitors credential databases across the internet to alert you the moment your organization's accounts appear in data breaches.

<figure><img src="/files/cS68sGncFSotC2YHcIGp" alt=""><figcaption></figcaption></figure>

## How Breach Detection Works

<figure><img src="/files/PCJVdsXwTF5TfDJdTdMN" alt=""><figcaption></figcaption></figure>

### Continuous Data Monitoring

Sentry integrates with constantly updated breach databases and dark web monitoring services to track:

* Major public data breaches (historical and new)
* Credential dumps on hacking forums
* Dark web marketplaces selling access credentials
* Paste sites and leak repositories
* Stealer malware logs

### Monitored Email Addresses

Sentry automatically monitors:

* All organization member email addresses
* Email addresses associated with verified domains (@yourcompany.com)
* Individual team member personal emails (with permission)
* Service accounts and automated systems

### Breach Intelligence

When credentials are found, Sentry provides:

* Source of the breach (service name, breach date)
* Types of data compromised (passwords, security questions, personal info)
* Severity assessment based on data exposed
* Whether passwords were hashed or plaintext
* Estimated breach date and discovery date

## Integration with Other Features

**Tasks**: Breach remediation actions automatically create tasks assigned to affected users.

**Webhooks**: Configure webhooks to forward breach alerts to Slack, Discord, PagerDuty, or your incident response platform.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.sentry.auditware.io/monitoring/breach-detection.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.