New DarkIQ workflow filtering and export enhancements

DarkIQ has always allowed security teams to preemptively identify when staff, third-party, and customer credentials have been exposed through breaches or malware-infected devices. As organizations monitor increasingly large extended attack surfaces, security teams need a faster way to prioritize these alerts and filter out irrelevant noise.

In this update, we’ve added granular credential action filtering and improved your export options to streamline your analyst workflows.

Reducing the noise with advanced filters

We’ve added new filters to make it easier to zero in on your most pressing actions. These filters apply to all Credential Actions, including Leaks, Stealers, and Third-Party exposures, and are applied at the action data level.

1. Exclude free email providers: Automatically exclude results from free email domains like Gmail or Yahoo from your actions view within DarkIQ using a single toggle.
2. Targeted domain filtering: Narrow the scope of your investigations by filtering for specific email domains – ideal for targeted monitoring of subsidiaries, strategic partners, or high-priority third-party vendors.
3. Granular time filters: You can now filter all actions, not only credential actions, based on both the Created Date (when the alert was generated in DarkIQ) and the Event Date (when the actual breach or stealer activity occurred), giving better control over their investigation timelines.

Enhanced background exports

In addition to the recent API enhancements we’ve made to DarkIQ, we’ve also improved the export functionality to support integration of data into your wider security stack. You now have the option to export a high-level summary of your Actions or the full Action Data, with all fields, values, and associated data. Exports will process in the background, allowing you to continue using the platform. You’ll receive an email when your download is available in the Notification Center.