Skip to main content
// HOW IT WORKS

From a dark-web dump to a closed incident, in one workflow.

Four steps. Agentless. Hashed by default. No SIEM integration needed to get value on day one — though you can plug in later via SMTP routing.

The lifecycle of an incident

Each step is something a real operator does inside Dark Manager — not a marketing abstraction.

01

Ingest

Our crawlers continuously pull credential dumps from dark-web forums, ransomware extortion blogs and public paste sites. New leaks land in the tenant within minutes of publication.

02

Match

Every leaked email is hashed (SHA-256) and matched against the identities in your perimeter — corporate domains, explicit C-Level list, registered providers and end-clients. Plaintext credentials never persist.

03

Route

The platform classifies each finding (C-Level / employee / provider / client) and routes the alert to the recipients you configured per domain × per category. Shadow IT vendors get auto-detected and surfaced separately.

04

Remediate

Analysts triage from a live feed, walk each breach through a six-stage workflow (investigating → user notified → password reset → verified → closed) and log notes. Re-breaches reopen automatically.

Built to deploy quickly, not to interrupt

100% agentless

All monitoring happens externally. No software on endpoints, no internal network access. A new tenant is fully provisioned in under 5 minutes — domains added, alerts configured.

Privacy by design

Emails persist as SHA-256 hashes; plaintext lives only in the per-tenant JSON feed that renders dashboards. Aligned with GDPR's data-minimization principles.

Tenant-isolated by default

URLs are slug-scoped and validated at the decorator level. A Cyber Corp can never see another Cyber Corp's data — enforced server-side, not just in the UI.

From alert to board slide, without leaving the platform

Two outputs designed for two different audiences.

Executive PDF reports

Click "Generate" inside the report view to get a multi-page PDF with the scorecards, identity-type breakdown and timeline for the period you selected. Goes white-label for Cyber Corp tenants.

AI risk narratives

Generates a CISO-grade Markdown report with a Critical / High / Medium / Low risk rating extracted by the model. Counts against a monthly quota you control per tenant.

Want to see the engine in action?

A Proof of Value runs steps 1-3 on your primary domain, free, so you can decide if the findings are worth a contract.

Start a Proof of Value Request a Demo