Detection Services — Overview¶
BCP Portal combines several independent monitoring services. Each looks for a different risk type in a different source — and all findings converge into a single dashboard, reports, and notifications.
Why one source isn't enough¶
Data leaks rarely happen in one place. Your client's email might end up in a compromised credentials database. An AWS key in a public GitHub repo of a former developer. A database dump on Pastebin. And your company name on a ransomware leak site.
A single monitoring channel catches only part of the picture. Detection Services are parallel channels watching different corners of the internet simultaneously.
Available services¶
| Service | What it finds | Status |
|---|---|---|
| HIBP | Compromised employee emails and passwords | ✅ Active |
| Pastebin | Domain, email, secret mentions in public pastes | ✅ Active |
| GitHub | Secrets, tokens, keys in public repositories | ✅ Active |
| GitLab | Secrets, tokens, keys in public GitLab projects | ✅ Active |
| Ransomware | Your company mentions on ransomware leak sites | ✅ Active |
| Social Media | Brand mentions on Twitter / Reddit / Telegram / News | 🚧 Coming soon |
| Breach Databases | Commercial breach databases with plaintext passwords | 🚧 Coming soon |
| OSINT | Google Dorks for exposure discovery | 🚧 Coming soon |
How it works — in plain terms¶
- You add a DataSource — what to monitor: your domain, corporate email, brand name, IP range.
- You set a schedule — how often to check (hourly / daily / weekly).
- The platform automatically scans all connected sources on schedule.
- Findings appear in the dashboard with severity (low / medium / high / critical) and recommended actions.
- Notifications arrive via email or webhook as soon as a new finding is detected.
Unified findings¶
Regardless of which service found the problem, all findings share the same structure:
- Severity — how urgent.
- What was found — specific email, URL, file, mention.
- Where it was found — source (HIBP, Pastebin, GitHub...).
- When it was found — discovery date.
- Status —
new,acknowledged,resolved,false_positive.
This means your incident-response workflow is the same regardless of the scan type.
What's next¶
Pick a service in the menu to learn:
- What exactly it scans and in which source.
- What's required to connect it.
- How to interpret findings and what to do with them.