Skip to content

Detection Services — Overview

BCP Portal combines several independent monitoring services. Each looks for a different risk type in a different source — and all findings converge into a single dashboard, reports, and notifications.

Why one source isn't enough

Data leaks rarely happen in one place. Your client's email might end up in a compromised credentials database. An AWS key in a public GitHub repo of a former developer. A database dump on Pastebin. And your company name on a ransomware leak site.

A single monitoring channel catches only part of the picture. Detection Services are parallel channels watching different corners of the internet simultaneously.

Available services

Service What it finds Status
HIBP Compromised employee emails and passwords ✅ Active
Pastebin Domain, email, secret mentions in public pastes ✅ Active
GitHub Secrets, tokens, keys in public repositories ✅ Active
GitLab Secrets, tokens, keys in public GitLab projects ✅ Active
Ransomware Your company mentions on ransomware leak sites ✅ Active
Social Media Brand mentions on Twitter / Reddit / Telegram / News 🚧 Coming soon
Breach Databases Commercial breach databases with plaintext passwords 🚧 Coming soon
OSINT Google Dorks for exposure discovery 🚧 Coming soon

How it works — in plain terms

  1. You add a DataSource — what to monitor: your domain, corporate email, brand name, IP range.
  2. You set a schedule — how often to check (hourly / daily / weekly).
  3. The platform automatically scans all connected sources on schedule.
  4. Findings appear in the dashboard with severity (low / medium / high / critical) and recommended actions.
  5. Notifications arrive via email or webhook as soon as a new finding is detected.

Unified findings

Regardless of which service found the problem, all findings share the same structure:

  • Severity — how urgent.
  • What was found — specific email, URL, file, mention.
  • Where it was found — source (HIBP, Pastebin, GitHub...).
  • When it was found — discovery date.
  • Statusnew, acknowledged, resolved, false_positive.

This means your incident-response workflow is the same regardless of the scan type.

What's next

Pick a service in the menu to learn:

  • What exactly it scans and in which source.
  • What's required to connect it.
  • How to interpret findings and what to do with them.