Submit a Have I Been Pwned? lookup from an observable in a security incident

Submit Have I Been Pwned? lookups on observables in a security incident identify breaches on observables that have a domain (that is, a URL, URI, domain name, or host name).

Before you begin

Role required: sn_ti.write


  1. Create a security incident or open an existing one.
  2. Click the Security Incident Observables related list.
  3. Select the observable or observables on which you want to run the Have I Been Pwned? lookup.
  4. Click the Actions on selected rows drop-down menu at the bottom of the screen, and select Run domain lookup.
    The results of the lookups appear in the Security Scan Requests related list, and the Activity notes record the lookup submission.
    Note: If the Security Operations Whois Integration plugin is also activated, the Run domain lookup action also returns Whois information.