Skip to content
INFIMA Knowledge Base

Enable Dark Web Monitoring

Dark Web Monitoring checks the client’s users against known credential breaches and alerts you when there’s a hit. When enabled, breach exposure shows up on the client’s Risk page and feeds the Dark Web Monitoring report. When disabled, both stop.

Tailor Dark Web Monitoring page with enable toggle

Enable for a client

Open the client → Tailor → Dark Web Monitoring. Toggle Enable for this client on. Save.

That’s it. Going forward, any breach hits against this client’s users appear on the Risk page in the Dark Web Exposure card.

The partner master switch

Above the per-client toggle is a partner-wide gate. When that’s off, every client’s per-client toggle is disabled and grayed out, and a warning banner appears on this page:

Disabled for the entire organization. Dark Web Monitoring is turned off across all of your clients. A partner admin can re-enable it from Billing → Add-ons.

This is how Dark Web Monitoring is sold — as a partner-level add-on. If you don’t see the option enabled, that’s your billing setup, not the client’s setting. A partner admin (on your side) re-enables it from Billing.

You’ll know it worked when

  • The page shows Enable for this client as on and the warning banner about the org-wide gate is absent.
  • The client’s Risk page renders a Dark Web Exposure card (it may show no hits yet — that’s the empty state, not a misconfiguration).
  • Future breach scans surface new hits on the same card.

Frequently asked

A client says they’re seeing breach hits — is that bad? The hit means the user’s credentials appeared in a known credential breach, somewhere. It’s not an active attack; it’s an indicator that the user should rotate their password (and any other accounts using the same password). The point of monitoring is to surface these so the client can act.

Will users be notified when they’re in a breach? That’s a separate setting. See Breach notifications — you can configure who gets emailed (administrators, the user themselves, or both).

Does scanning cost extra per user? Pricing is handled at the partner level — see your Billing page for the add-on details. The per-client toggle here just gates whether scanning runs; billing math happens upstream.

A client doesn’t want Dark Web Monitoring — they have their own EDR/IDP solution. Leave the per-client toggle off. We won’t scan the client’s users; nothing surfaces on the Risk page; the report isn’t generated for them. The rest of training and phishing continues normally.

Where do breach hits go besides the Risk page? The Dark Web Monitoring report is one of the standard report types you can include in Scheduled reports or build into a custom schedule. For real-time email-out behavior, configure Breach notifications.

A user was in a breach last year but rotated their password — how do I clear it? Each breach hit has a resolved / unresolved status. When a user is found in a breach they get a notification and can mark it resolved themselves from the Learning Portal once they’ve rotated the affected password. Admins can also resolve a breach on a user’s behalf — open the user from the Risk page and use the resolve action there. Resolved hits stay in history (so the trail is intact) but stop counting against the user’s active exposure.