Threat Details Page - Full Explanation

The Threat Details panel provides an in-depth view of a compromised identity detected by Selki.

It appears when you click on any identity in the Threats List and contains all relevant information needed for investigation and remediation.

This page is divided into clear sections that help analysts understand the exposure quickly and take action efficiently.


1. Identity and Summary Information

At the top of the details panel, you’ll see:

Identity (Email / Username)

The exposed user account associated with the threat.

This may belong to an employee or a customer, depending on the category.

Status

Displayed with a dropdown menu:

  • Open
  • Re-Opened
  • Closed

You can change the status directly from this panel.

Risk Level

A colored badge indicating severity:

  • Low
  • Medium
  • High
  • Critical

Category

Indicates whether the identity belongs to:

  • Employees
  • Customers

These labels help you distinguish internal risks from platform-level risks.


2. Exposure Information

Below the summary, you’ll find a block describing the exposure details:

Exposure Type

The threat source, such as:

  • Infostealer
  • Breach
  • Paste
  • Aggregated data
  • Multi-source exposure

Domain / Watcher

The domain associated with this identity.

This establishes which monitored asset the exposure belongs to.

First Seen / Last Seen

Shows when the exposure was first detected and when Selki most recently found it in compromised sources.

These timestamps highlight recency and ongoing risk.


3. Findings Section

One of the most important sections in the Threat Details panel is Findings, where Selki displays the raw exposure artifacts collected from the compromised environment.

Each finding may include:

Hostname

Specific to infostealers.

Represents the machine name or device identifier where the malware was running.

Password

Indicates whether a password was found.

Some exposures include:

  • plaintext passwords
  • partially redacted passwords
  • hashed passwords
  • no password (email only)

Occurrences

The number of times the same identity was detected across datasets.

Multiple occurrences can indicate:

  • repeated compromise
  • cross-source exposure
  • multiple infected devices
  • persistent credential reuse

Each occurrence is represented as its own card.


4. Additional Metadata

Depending on the exposure type, Selki may also show:

  • browser data
  • device fingerprint traces
  • leak source identifiers
  • breach dataset references
  • timestamps from malware logs
  • indicators of session/token exposure

This metadata helps analysts build context about where and how the compromise occurred.


5. Status Actions (Close / Re-Open)

Inside the details panel, you can manage workflow actions:

Close Threat

Marks the threat as remediated.

Use this after confirming:

  • password reset
  • MFA enforcement
  • user validation
  • no signs of misuse

Re-Open Threat

Used when:

  • new findings appear
  • the identity is compromised again
  • remediation was incomplete

Status changes update the dashboard and threat filters instantly.


6. Why the Details Page Matters

The Threat Details view provides:

  • actionable insights
  • the exact nature of the exposure
  • context about the infected device or breach source
  • identity-level risk interpretation
  • a clear path to remediation

It’s the core tool for analysis and decision-making inside Selki.


Summary

The Threat Details panel gives a complete, granular view of each identity exposure.

It includes identity data, status management, risk levels, exposure type, timestamps, findings, and remediation controls — everything necessary for informed response.


Updated on: 01/12/2025
