# Alert Workflow

### Immediate Notifications

When a breach is detected:

1. **Instant Alert**: Organization admins receive immediate notification
2. **Affected User Notification**: The individual whose credentials were found is notified
3. **Risk Assessment**: Automatic severity scoring based on data type
4. **Recommended Actions**: Step-by-step remediation guidance

## Breach Monitoring Best Practices

**Unique Passwords Everywhere**: Use a password manager to ensure every service has a unique password, so that when a breach occurs, only that one account is compromised.

**Enable 2FA Universally**: Two-factor authentication dramatically reduces the value of stolen passwords to attackers.

**Monitor Personal Emails**: Team members should add personal email addresses to monitoring, as breaches of personal accounts often lead to work account compromises.

**Regular Password Rotation**: For critical systems, implement regular password rotation policies (90 days).

**Breach Drills**: Periodically test your breach response process with tabletop exercises.

**Password Manager Required**: Make password manager usage mandatory for all team members.

**Incident Response Plan**: Have a documented process for handling breach notifications.
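The "Unique Passwords Everywhere" and "Monitor Personal Emails" practices above can be checked on each alert with a reuse lookup. The following is an added example, not part of the product or its API: `fingerprint`, `blast_radius`, the inventory layout and all sample data are hypothetical, and it assumes a password-manager audit can supply keyed fingerprints of stored passwords.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed key; in practice a secret held by the audit tooling so that
# fingerprints cannot be brute-forced offline if the inventory leaks.
FINGERPRINT_KEY = b"constructed-demo-key"

def fingerprint(password: str) -> str:
    """Keyed fingerprint: equal passwords match without storing the password."""
    return hmac.new(FINGERPRINT_KEY, password.encode(), hashlib.sha256).hexdigest()

def blast_radius(inventory, identities, breached_service, breached_email):
    """Return the accounts to rotate when one credential appears in a breach.

    inventory:  list of (email, service, password_fingerprint)
    identities: maps every monitored email (work or personal) to one person
    """
    person = identities.get(breached_email)
    if person is None:
        return []  # address is not monitored, nothing to correlate
    # Index this person's accounts by fingerprint across all of their emails.
    by_fp, exposed = defaultdict(set), set()
    for email, service, fp in inventory:
        if identities.get(email) != person:
            continue
        by_fp[fp].add((email, service))
        if email == breached_email and service == breached_service:
            exposed.add(fp)
    # Every account sharing the exposed password is part of the same incident.
    return sorted({acct for fp in exposed for acct in by_fp[fp]})

# Constructed sample data
IDENTITIES = {
    "dana@example.com": "dana",
    "dana.personal@example.net": "dana",
    "lee@example.com": "lee",
}
INVENTORY = [
    ("dana.personal@example.net", "forum", fingerprint("Tr0ub4dor")),
    ("dana@example.com", "vpn", fingerprint("Tr0ub4dor")),
    ("dana@example.com", "crm", fingerprint("unique-crm-pass")),
    ("lee@example.com", "vpn", fingerprint("Tr0ub4dor")),
]

if __name__ == "__main__":
    for email, service in blast_radius(INVENTORY, IDENTITIES, "forum", "dana.personal@example.net"):
        print(f"rotate: {email} @ {service}")
```

With the sample data, a breach of the personal forum account also flags the work VPN account that reuses the same password, while a breach of the uniquely protected CRM account flags only itself.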

## Understanding Breach Sources

Breaches come from various sources:

**Service Breaches**: Legitimate services get hacked (LinkedIn, Adobe, Dropbox, etc.). Not your fault, but you still need to respond.

**Stealer Malware**: Malware on devices exfiltrates stored passwords. Indicates endpoint compromise requiring immediate action.

**Phishing**: User tricked into entering credentials on a fake site. Requires security awareness training.

**Supply Chain**: Third-party service you integrate with gets breached, exposing your data.

**Insider Threat**: Rare but serious - someone with authorized access leaks credentials.

## Breach Statistics and Trends

### Organization Dashboard

View breach trends for your organization:

* Total breaches detected over time
* Most affected services
* Average time to remediation
* Password reuse patterns
* 2FA adoption rates

### Individual User View

Each team member can see:

* Their own breach history
* Services where they're at risk
* Password hygiene recommendations
* Comparison to organization average

{% hint style="danger" %}
**Critical**: When you receive a breach alert, treat it as an active security incident. Attackers monitor the same breach databases we do and will attempt to exploit credentials within hours of a breach becoming public.
{% endhint %}

