# Risk Signals Detected

The *<mark style="color:green;">Risk Signals Detected</mark>* section explains the types of findings generated through deep and dark web monitoring. These findings emerge from <mark style="color:green;">underground forums, ransomware blogs, leak sites, and hidden marketplaces</mark>, where threat actors share, sell, or discuss content that may indicate exposure or targeting of an organization. Each signal is collected, interpreted, and structured to support early detection and response.

#### What We Detect

This monitoring layer identifies different types of digital risk that may impact a business, including:

* <mark style="color:green;">**Credential leaks**</mark>**:** mentions or listings of usernames, passwords, or authentication tokens tied to corporate systems, domains, or key individuals.
* <mark style="color:green;">**Data exposure**</mark>**:** internal documents, customer records, or confidential files posted publicly or offered for sale.
* <mark style="color:green;">**Access-for-sale offers**</mark>**:** discussions or listings advertising unauthorized access to systems such as VPNs, RDPs, panels, or inboxes.
* <mark style="color:green;">**Extortion activity**</mark>**:** ransomware victim announcements, sample leaks, negotiation details, or countdown pages linked to payment demands.
* <mark style="color:green;">**Targeting and impersonation**</mark>**:** posts referencing executives, employees, partners, or customers in the context of fraud, social engineering, or doxxing.
* <mark style="color:green;">**Attack planning**</mark>**:** threat actor conversations related to tools, exploits, or infrastructure used by the organization or its supply chain.

#### Why This Matters

These findings offer early visibility into events that can lead to serious incidents often appearing days or weeks before any public disclosure. By identifying signals of compromise or malicious intent at the source, security teams can act proactively: containing the threat, notifying impacted stakeholders, or initiating response efforts.

Each signal is presented with clear context: what was found, where it was found, and why it may pose a risk. This helps transform hidden, fragmented activity into actionable intelligence, supporting a stronger and faster digital risk response.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.inopli.com/drp/deep-dark-web-monitoring/risk-signals-detected.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.