Configure CCM Integrations
Integrate Compromised Credential Management (CCM) with trusted third-party tools to enhance your threat detection and response capabilities. By configuring these integrations, you can monitor compromised credentials, detect threats early, and take proactive actions to safeguard your organization’s sensitive data.
Integrations in CCM are divided into two types:
Add CCM Sources: Add sources to gather threat intelligence and monitor both compromised credentials and domain sightings in near real-time. These sources provide visibility into exposed user accounts and dark web mentions of your domains. For more information, see Configure CCM Sources.
Note
By default, Cyware CCM is enabled as a source, and the domain you configure in Settings is used to fetch compromised credentials.
Integrate IAM Tools: Integrate IAM tools, such as OneLogin and Okta, to correlate exposed credentials with users in your organization and enable targeted response actions. For more information, see Configure IAM Integrations for Threat Insights.
How CCM Works After Integration
After you set up the integrations, CCM starts retrieving compromised credential data from all active sources. The behavior varies based on the following source type:
Cyware CCM source: CCM fetches previously reported breaches from the web. If it detects a large dataset, it limits the results to the last 180 days so you can focus on recent breaches. It automatically adds new breaches as they appear online.
Third-party sources: CCM fetches the full breach dataset shared by the vendor, including historical records. It checks for new data every 3 hours to keep your results up to date.