How to Configure the PII Exposure Feed
Learn how to use the PII Exposure Feed in DigitalStakeout to monitor the web for exposed personal data such as emails, IDs, and contact information.
How to Configure the PII Exposure Feed
The PII Exposure Feed in DigitalStakeout XTI enables real-time monitoring for exposed personally identifiable information (PII) across surface web, dark web, forums, and breach repositories. It is designed to proactively alert on data exposure risks that could lead to identity theft, fraud, or compliance violations.
Use Cases
- 🛡️ Identity Protection — Detect exposure of SSNs, addresses, names, and personal accounts
- 🏛️ Regulatory Compliance — Fulfill monitoring requirements for GDPR, HIPAA, CCPA, and others
- 🔍 Fraud Detection — Identify PII appearing in spam lists, dark web, or threat actor chatter
- 🔒 Insider Threat Response — Monitor for leakage tied to internal systems or employee data
Setting Up a PII Exposure Monitor
1. General Configuration
| Field | Description |
|---|---|
| Status | Enable or disable the feed |
| Feed Name | Assign a clear, descriptive label |
| Expires On | Set an expiration date (optional) |
| Use Case | Choose from Fraud, Compliance, Insider Threat, etc. |
| Tags | Add team, region, asset group, or regulatory scope |
| Send Data To | Select output destination within the platform |
2. Exposure Criteria
| Setting | Description |
|---|---|
| PII Identifiers | Choose what to detect — email addresses, phone numbers, SSNs, etc. |
| Must Contain | Require specific keywords for inclusion (e.g., company name) |
| Must Not Contain | Exclude false positives or generic hits |
Example Identifiers:
@example.comJohn Doe555-12XX123-45-XXXX
Monitoring Workflow
Once activated:
- The feed scans across surface, deep, and dark web sources
- Each detection is logged as an event with:
- Source link (if applicable)
- Exposed field(s)
- Timestamp and context snippet
- Tagged metadata and entity extraction
Results appear in the console and can be exported or routed to alerting systems.
Best Practices
- ✅ Be precise — Use specific email domains, partial SSNs, or naming patterns
- 🔄 Update regularly — Adapt identifiers as users change roles or assets evolve
- 🧠 Exclude noise — Filter generic strings like
[email protected]unless necessary - 🤝 Coordinate — Work with compliance, HR, and IT for holistic coverage
- 📁 Tag consistently — Use tags for audit trails and investigation grouping
Example Scenarios
- Detect personal emails from your HR system appearing in a breach dump
- Identify exposed contact numbers tied to your executives on pastebin-style sites
- Monitor for national ID numbers shared alongside political activism or doxxing
- Find third-party contractors leaking customer records to a public repo
Want to explore supported data types and integration options?
Visit the PII Exposure Feed product page on our main site.
Updated about 22 hours ago