Cyber Threat Surveillance
      Back to home
      1. Help Center
      2. Application Overview
      3. Cyber Threat Surveillance

      Cyber Threat Surveillance

      Learn how to configure Symbol Security to monitor for your organization's keywords on the dark web. This service provides early alerts for potential data breaches and security threats, allowing you to take proactive action.

      The Cyber Threat Surveillance feature provides the capability to review possible threats in the Dark Web that could indicate cyber risk in your company or users. With Cyber Threat Surveillance, the main goal is all about risk reduction, and having visibility to those risks or potential risks can put you one step ahead of the game.


      If you're interested in getting this service, talk to our Support Team (support@symbolsecurity.com) and enable this important feature for your company(s). You can also contact us via https://symbolsecurity.com/contact

      How it works

      1. Define Keywords

      Symbol allows you to add multiple types of keywords to search by. These keywords need to be defined per company, and the quantity will vary depending on your plan.

      These are some of the keywords you could add to your company:

      • Base Search (Single string like a Company Name or Product Name)
      • Domain
      • Email Address
      • CCN (Credit Card Numbers)
      • SSN (Social Security Number)
      • IP addresses
      • Crypto Addresses

      Learn more about keywords here: Managing Cyber Threat Keywords.

      2. Select Data Sources

      By default, cyber threat results are extracted from all data sources; however,  you can decide which sources you want to get results from.

      In order to define a custom list of data sources, navigate to the "Data Sources" section by clicking on the "Manage Keywords" button from the top-right side of the results' view.

      Once you're in the Manage Keywords view, click on "Manage Sources" to choose which sources you want to use for getting cyber threat results. All data sources are selected by default.

      3. Track Results

      Once you have defined your keywords, our application will monitor them every 24 hours, and will look for any possible threat associated with the provided keywords. These results will be shown in the main screen that is being shown when accessing to the Cyber Threat Surveillance view. 

      Each result listed on the view will have the following information:

      • Title.
      • Threat Date.
      • Threat Content (It shows all the information extracted from the DarkWeb).
      • Status (Pending, Urgent, Resolved, Ignored).
      • Keyword(s) (The keywords used to get the result).
      • Negativity. (This is a value of how likely the content could be used for criminal activity).
      • Source
      • Threat Actors
      • Related Emails
      • and more...

      Some things to keep in mind about the results: 

      • Every day, the application will only search for results on the past 24 hours prior to the search, however, if this is the "first call", then the application will search for historical results about past years.
      • The result's content is automatically removed after 30 days.

      4. Take Actions

      As an admin you can take the following actions on each result:

      • Change Status:

        • Pending: this is the default category.

        • Urgent: would be applied when the result has a negativity greater than 80%. Also, it would need to be closed out as resolved at some point by the admin.

        • Resolved: It would be a positive closure, and each result marked with this category will disappear from the main list and will be sent to the "Resolved Results" list.

      • Leave Notes: You can leave notes on each result to provide key insights about the findings or let other colleagues know about the importance of threats.

      • Ignore (When ignoring results, they will be automatically removed from the list).

      5. Notifications

      Admins can enable or disable the Cyber Threat Surveillance notifications that are being sent when new results are found, giving them more control over their organization's security measures. This notification can be managed both for companies and specific admins.

      Training Assets Pic4

      Filtering Results

      From the results, you are allowed to filter the findings by:
      • Status: filter by a specific category, such as pending, urgent, resolved, etc.
      • Date period: filter results between specific date ranges.
      • Keywords: type in specific keywords to filter by.
      • Negativity: filter results between a percentage range.

      To clear filters, there is a button right under the filters button on the top right.

      The list of "Resolved Results" could be accessed by clicking on the number of resolved results that are shown at the top of the screen. 

      Note: Cyber Threat results and keywords can also be managed from the Symbol API. Learn more about this in our API Documentation.


      Would you be interested in this service?

      Reach out to our Support Team (support@symbolsecurity.com) and enable this important feature for your company(s). You can also contact us via https://symbolsecurity.com/contact