Submit a Have I Been Pwned? lookup from an affected user in a security incident

Submit Have I Been Pwned? lookups on affected users in a security incident to compare user email addresses against records in the Have I Been Pwned? database. This information can help in identifying compromised accounts.

Before you begin

Role required: sn_ti.write


  1. Create a security incident or open an existing one.
  2. Click the Affected Users related list.
  3. Select the user name or names on which you want to run the Have I Been Pwned? lookup.
  4. Click the Actions on selected rows drop-down menu at the bottom of the screen, and select Run domain lookup.
    The results of the lookups appear in the Security Scan Requests related list, and the Activity notes record the lookup submission.
    Note: If the Security Operations Whois Integration plugin is also activated, the Run domain lookup action also returns Whois information.