Best Practices for Managing Threats in Selki

Managing identity exposures effectively is crucial to reducing the likelihood of account takeover, fraud, or unauthorized access within your organization or platform.

Selki provides powerful tools to detect, triage, and remediate leaked credentials — and following best practices ensures that your team uses these capabilities to their full potential.

This article summarizes recommended workflows, priorities, and operational habits for security teams handling threats inside Selki.


1. Prioritize Critical and High-Risk Threats

Not all threats carry the same level of urgency.

Always begin with:

  • Critical (e.g., infostealer leaks that include a password)
  • High-risk exposures (recent malware logs, repeated occurrences of the same identity)

These represent immediate exploitation potential and should be investigated the same day.

Move to Medium and Low threats only after the most severe cases are addressed.


2. Establish a Daily Review Routine

A daily review routine keeps your exposure surface under control.

We recommend the following:

  • Check Critical and High threats every morning
  • Filter by Employees to protect internal systems
  • Filter by Watchers to prioritize key domains
  • Review newly added occurrences
  • Monitor recently reopened threats

Daily triage prevents backlog buildup and identifies emerging compromises early.


3. Always Reset Passwords When a Password Is Exposed

If the exposure includes a password — even if old or partially redacted — you should:

  • force a password reset
  • notify the affected user
  • validate MFA configuration
  • check for reuse across internal systems

For infostealer exposures, also check whether the user's device is still infected: a password reset performed on a machine that is still running the stealer simply leaks the new password as well.
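The reuse check in this step is worth automating. The following is an added example, not Selki's own code: it takes one exposed credential and checks it against a constructed internal directory where every system stores a salted PBKDF2-HMAC-SHA256 hash per account. The systems, accounts, hash format and the "*" redaction marker are all assumptions made for the example. Reset, notification and MFA validation are emitted unconditionally; only the reuse check depends on having the plaintext, and a partially redacted password is handled explicitly.

```python
import hashlib
import hmac
import os

# Lowered so the example runs quickly; OWASP's current guidance for
# PBKDF2-HMAC-SHA256 is 600,000 iterations.
ITERATIONS = 100_000


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def verify_password(password, salt, digest):
    # Constant-time comparison so the check itself leaks nothing about the stored hash.
    return hmac.compare_digest(hash_password(password, salt), digest)


def make_directory():
    """Constructed internal directory: {(system, account): (salt, digest)}.

    alice reuses one password on VPN and wiki (the reuse the article asks you
    to check); bob's wiki password happens to be the same string, which the
    same check also surfaces. Real systems and hash formats are an assumption."""
    plaintexts = {
        ("vpn", "alice@corp.example"): "Summer2024!",
        ("wiki", "alice@corp.example"): "Summer2024!",
        ("vpn", "bob@corp.example"): "correct horse battery staple",
        ("wiki", "bob@corp.example"): "Summer2024!",
    }
    directory = {}
    for key, pw in plaintexts.items():
        salt = os.urandom(16)
        directory[key] = (salt, hash_password(pw, salt))
    return directory


def is_redacted(password, marker="*"):
    """Assumption: the exposure feed masks part of a password with '*' characters."""
    return marker in password


def handle_exposure(identity, exposed_password, directory):
    """Return (actions, reuse) for one exposed credential.

    The first three actions are unconditional, as the article requires:
    reset, notify, validate MFA. Reuse is checked only when plaintext exists."""
    actions = [
        f"force password reset for {identity}",
        f"notify {identity}",
        f"validate MFA configuration for {identity}",
    ]
    if is_redacted(exposed_password):
        actions.append("password is partially redacted: reuse cannot be verified, reset anyway")
        return actions, []

    reuse = sorted(
        (system, account)
        for (system, account), (salt, digest) in directory.items()
        if verify_password(exposed_password, salt, digest)
    )
    for system, account in reuse:
        if account == identity:
            actions.append(f"exposed password is live on {system}: reset there first")
        else:
            actions.append(f"same password in use by {account} on {system}: reset that account too")
    if not reuse:
        actions.append("exposed password matches no internal system: likely old or external-only")
    return actions, reuse


if __name__ == "__main__":
    directory = make_directory()
    for line in handle_exposure("alice@corp.example", "Summer2024!", directory)[0]:
        print(line)
```

Verifying the leaked plaintext against every account, not just the affected identity, is deliberate: shared or templated passwords across employees are a common finding in infostealer data, and the extra cost is one PBKDF2 call per stored hash.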


4. Re-Open Threats When New Findings Appear

Do not treat closed threats as permanently resolved.

Re-open immediately when:

  • new findings or occurrences appear
  • the identity shows up in a fresh malware log
  • the affected user reports suspicious activity
  • remediation steps were incomplete

Re-opening keeps visibility accurate and ensures that recurring risks are properly managed.
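Sections 1, 2 and 4 together describe one procedure: order open threats by severity and recency, flag the high-risk signals, and re-open anything closed that has since gained a new occurrence. The following is an added example of that logic run over a constructed threat export, not Selki's own code: the CSV columns, severity labels, status values and the ";"-separated occurrence dates are an assumption, so adapt the parser to the schema of your actual export (section 7) before using it.

```python
import csv
import io
from datetime import datetime

# Constructed sample export. Column names, severity labels, status values and
# the ';'-separated occurrence dates are an ASSUMPTION, not Selki's real schema.
SAMPLE_EXPORT = """\
threat_id,identity,severity,source,has_password,status,closed_at,occurrence_dates
T-1,alice@corp.example,Critical,infostealer,true,open,,2025-11-28;2025-11-30
T-2,bob@corp.example,High,malware_log,false,open,,2025-11-29
T-3,carol@corp.example,Medium,combo_list,true,closed,2025-11-20,2025-11-10;2025-11-27
T-4,dave@corp.example,Low,paste,false,closed,2025-11-15,2025-11-01
T-5,erin@corp.example,High,infostealer,true,open,,2025-11-01
"""

SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}
SAME_DAY_SEVERITIES = {"Critical", "High"}        # investigate the same day (section 1)
MALWARE_SOURCES = {"infostealer", "malware_log"}   # sources that imply an infected device


def parse_date(s):
    return datetime.strptime(s, "%Y-%m-%d").date()


def parse_export(text):
    """Read the CSV export into dicts with typed fields and sorted occurrence dates."""
    threats = []
    for row in csv.DictReader(io.StringIO(text)):
        threats.append({
            "threat_id": row["threat_id"],
            "identity": row["identity"],
            "severity": row["severity"],
            "source": row["source"],
            "has_password": row["has_password"].strip().lower() == "true",
            "status": row["status"],
            "closed_at": parse_date(row["closed_at"]) if row["closed_at"] else None,
            "occurrences": sorted(parse_date(d) for d in row["occurrence_dates"].split(";") if d),
        })
    return threats


def triage_queue(threats, today, recent_days=7):
    """Open threats ordered by severity, then by most recent occurrence (sections 1-2).

    Each entry carries the signals the article lists: same-day SLA, repeated
    occurrences, a recent malware/infostealer log, and an exposed password."""
    open_threats = [t for t in threats if t["status"] == "open" and t["occurrences"]]
    ordered = sorted(
        open_threats,
        key=lambda t: (SEVERITY_RANK.get(t["severity"], 99), -t["occurrences"][-1].toordinal()),
    )
    queue = []
    for t in ordered:
        latest = t["occurrences"][-1]
        flags = []
        if t["severity"] in SAME_DAY_SEVERITIES:
            flags.append("same_day_sla")
        if len(t["occurrences"]) >= 2:
            flags.append("repeated")
        if t["source"] in MALWARE_SOURCES and (today - latest).days <= recent_days:
            flags.append("recent_malware_log")
        if t["has_password"]:
            flags.append("password_exposed")
        queue.append({"threat_id": t["threat_id"], "identity": t["identity"],
                      "severity": t["severity"], "latest": latest.isoformat(), "flags": flags})
    return queue


def reopen_candidates(threats):
    """Closed threats that gained an occurrence dated after closure (section 4)."""
    out = []
    for t in threats:
        if t["status"] != "closed" or t["closed_at"] is None:
            continue
        newer = [d for d in t["occurrences"] if d > t["closed_at"]]
        if newer:
            out.append((t["threat_id"], t["identity"], newer[-1].isoformat()))
    return out


if __name__ == "__main__":
    threats = parse_export(SAMPLE_EXPORT)
    for item in triage_queue(threats, parse_date("2025-12-01")):
        print(item)
    print("re-open:", reopen_candidates(threats))
```

The ordering key is severity first and recency second, which matches the article's rule of finishing Critical and High before touching Medium and Low; the re-open check compares occurrence dates to the closure date rather than relying on status alone, so a threat closed and then re-hit in a fresh log surfaces automatically.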


5. Use Watchers to Detect Domain-Level Hotspots

Some domains may become repeated targets or show signs of systemic password reuse.

Use Watchers to:

  • compare risk between domains
  • identify clusters of compromised employees or customers
  • isolate exposures related to specific business units or products
  • generate domain-specific exports for audits or leadership

This domain-level visibility is a powerful feature of Selki.


6. Keep Closed Threats Organized and Audited

Closing threats helps maintain workflow clarity, but periodic audit is essential.

Every month or quarter:

  • review a sample of closed threats
  • confirm remediation was successful
  • ensure passwords were properly reset
  • check for repeated exposures of the same identity
  • verify no new suspicious activity appeared post-closure

This strengthens long-term operational resilience.


7. Use Filters + Exports for Reporting and Collaboration

Combine filters with export formats (PDF, CSV, XLSX) for:

  • security reviews
  • compliance reporting
  • incident documentation
  • cross-team collaboration
  • escalation to internal IT or fraud teams

Exports respect the filters applied, allowing generation of targeted and high-value reports.


8. Train Users on Password Hygiene and MFA

Technical remediation is not enough if the underlying behavior doesn’t change.

Consider:

  • encouraging MFA activation for all users
  • educating users about password reuse
  • recommending password managers
  • advising employees to avoid downloading cracked software (a major infostealer vector)

User education reduces the long-term volume of threats detected in Selki.


9. Track Trends in the Dashboard

Use the Selki Dashboard to:

  • visualize increases or decreases in threats
  • track monthly remediation performance
  • identify when new campaigns of infostealer infections occur
  • understand how quickly threats are being closed

This helps teams detect anomalies or seasonal attack patterns.
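The dashboard shows these trends visually. If you also want an automated alert when a new infostealer campaign starts, the same signal can be computed from exported daily counts. The following is an added example, not Selki's dashboard code: the daily series is constructed, and the baseline method (median of the preceding week, flag when a day is well above it) is the author's choice for the illustration.

```python
from statistics import median

# Constructed: new Critical/High threats per day over three weeks.
# Days 14-16 mimic an infostealer campaign hitting many employees at once.
DAILY_NEW_THREATS = [3, 2, 4, 3, 2, 3, 4, 2, 3, 3, 2, 4, 3, 2, 18, 22, 10, 4, 3, 2, 3]


def detect_spikes(counts, window=7, factor=3.0, min_excess=5):
    """Indices of days whose count is well above the recent baseline.

    The baseline is the median of the preceding `window` days, which is robust
    to a spike that already happened inside the window. A day is flagged only
    when it exceeds both factor * baseline and baseline + min_excess, so a
    move from 1 to 3 on a quiet week is not reported as a campaign."""
    spikes = []
    for i in range(window, len(counts)):
        baseline = median(counts[i - window:i])
        threshold = max(factor * baseline, baseline + min_excess)
        if counts[i] > threshold:
            spikes.append(i)
    return spikes


def group_campaigns(spike_days):
    """Collapse consecutive spike days into (first_day, last_day) windows,
    one per suspected campaign."""
    campaigns = []
    for day in spike_days:
        if campaigns and day == campaigns[-1][1] + 1:
            campaigns[-1] = (campaigns[-1][0], day)
        else:
            campaigns.append((day, day))
    return campaigns


if __name__ == "__main__":
    spikes = detect_spikes(DAILY_NEW_THREATS)
    print("spike days:", spikes)
    print("campaign windows:", group_campaigns(spikes))
```

Using the median rather than the mean for the baseline matters here: once the first campaign day enters the seven-day window, a mean-based threshold would jump and hide the following days, while the median stays anchored to the normal rate until the spike days outnumber the quiet ones.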


10. Integrate Selki Into Internal Playbooks

Selki fits naturally into SOC, SecOps, IT, and Fraud workflows.

For best results:

  • include Selki checks in incident response playbooks
  • automate follow-up actions through your internal tools
  • use exports for integration with SIEM or SOAR systems
  • involve leadership when critical exposures appear
  • document remediation steps in internal case management tools

This ensures consistency and reduces human error.


Summary

Managing threats effectively in Selki requires a mix of technical investigation, structured workflow, user education, and consistent prioritization.

By following best practices — such as prioritizing high-risk threats, re-opening exposures with new findings, conducting routine audits, and using Watchers strategically — your organization can significantly reduce the risk posed by compromised identities.

These practices enhance security posture, reduce fraud and unauthorized access, and ensure that your team responds quickly and confidently to real-world exposures.


End of Category

You've now completed all articles in the Threats category.

For additional topics, explore other sections of the Help Center or contact support: support@selki.io


Updated on: 01/12/2025
