Every capability your security team uses every day.
Dark Manager bundles continuous dark-web monitoring, identity triage, remediation workflow, executive reporting and multi-tenant operations into a single console. Below is exactly what you get with the Core License — no add-ons required.
Monitor
Ingest dark-web and public credential leaks continuously, matched against every identity in your perimeter.
Continuous ingest
Crawlers pull credential dumps, ransomware extortion posts and underground forums 24/7. New leaks land in the platform within minutes of being published.
Hash-based matching
Emails are matched via SHA-256. Plaintext credentials never persist in the database — we work on hashed comparisons, GDPR-friendly by design.
Four identity categories
C-Level executives, employees, third-party providers and end-clients are tracked separately so triage and routing can be tuned per category.
Shadow IT detection
Professional-email leaks from unregistered domains are flagged as suspected vendors your team didn't know they were doing business with.
Re-breach detection
If an identity that was previously remediated leaks again on the same service, the platform reopens it automatically and notifies you as a fresh incident.
Multi-domain perimeter
Configure all your corporate domains under one tenant. Add or remove domains at any time; the engine re-syncs on the next ingest cycle.
Triage
Get the right alert to the right person — and only when it matters.
Per-domain × per-category routing
For each monitored domain, define which recipients receive alerts for C-Level, Employees, Providers or Clients. Activate or pause any combination independently.
Live alert feed
Every detection, status change and AI report becomes an entry in a chronological feed with type, severity, source and metadata. Filter by event type.
Severity-aware UI
C-Level breaches surface in red, supply chain in orange, employees in purple, clients in cyan. Mobile-readable, screen-reader friendly.
Auto-prefill default recipients
For Cyber Corp tenants, when an analyst activates a new alert category the cybercorp's default contact is suggested automatically — no missed inboxes.
Misconfiguration guards
Activating an alert category without recipients triggers an inline red warning so the SOC never silently loses notifications.
Data freshness indicator
Every dashboard shows a live "Updated X min ago" badge with a manual refresh button — operators always know how stale the data is.
Remediate
A proper incident workflow — not just "mark as managed".
Six-stage workflow
Pending → Investigating → User notified → Password reset → Verified → Closed. Each transition records the analyst, timestamp and notes for audit.
Mark managed with Undo
One-click mark-as-managed with a 5-second Undo toast and confirmation modal. Mistakes don't become incidents.
Bulk select & resolve
Checkbox-per-row with a contextual action bar. Mark dozens of pending breaches as managed in one click after a mass-leak event.
Per-breach notes & history
Every breach has a full action timeline — who, when, which stage, what they wrote. Perfect for handovers and audit prep.
Re-breach reopen
If a closed breach reappears with a fresher leak date, the platform reopens it automatically and surfaces the previous remediation in the event metadata.
Pending count badges
Sidebar shows live pending counts per identity category. Analysts always know where the backlog sits without opening every page.
Analyze
From a raw breach list to a CISO-grade narrative — without leaving the platform.
Trend intelligence
12-month volume per identity type, weekly breach velocity with linear regression slope, and a top-movers table comparing this month vs last.
Time-to-manage metric
Average days from detection to resolution, calculated across all closed breaches. Track your team's improvement quarter over quarter.
Period-over-period deltas
Scorecards include trend pills (↑ +12, ↓ −5) comparing the current view against the previous equivalent period. Spot regressions early.
Custom date range
Today, Last week, Current/Last month, YTD — or pick any window. Timeline and tables recompute server-side and reflect monitor scope settings.
AI risk narratives
Generate CISO-grade Markdown reports with a single click. Each carries a Critical/High/Medium/Low risk rating extracted by the model.
Executive PDF reports & XLSX export
Board-ready white-label PDFs plus filtered XLSX exports for the breach table. No copy-pasting into Excel before the steering meeting.
Scale
Built for security teams running one tenant or fifty.
Multi-tenant switcher
Cyber Corp users see all managed clients in one search-able switcher. Jump between tenants in two clicks; sidebar always reflects current tenant.
White-label logos
Upload a logo per Cyber Corp; it replaces the brand mark for every downstream client and on every generated executive report.
Per-tenant scope toggles
Disable provider or client monitoring per tenant; dashboards, alerts and AI reports respect that scope automatically.
SSO (Google & Microsoft)
Sign in via OAuth on Azure AD or Google Workspace. Falls back to local password + reset link if SSO isn't configured.
Tenant isolation by design
Every URL is slug-scoped and validated server-side. A Cyber Corp can never see another Cyber Corp's data — enforced at the decorator level.
Accessibility & mobile
WCAG-AA contrast, screen-reader-labelled charts, keyboard skip links, sidebar collapses to off-canvas on mobile. Works on a phone, not just a 27-inch monitor.
See your own exposure on a real scan
The Proof of Value runs Monitor + Triage on your primary domain, free, for qualified organizations.