Back to Service Library
Service Catalog / Strategic Advisory & Professional Services / Strategic Services / Dark Web Alerting
300DWA Base

Dark Web Alerting

On this page

    Service Overview

    DeepSeas' Dark Web Alerting service provides continuous monitoring of an organization's external digital footprint, alerting on emerging threats such as domain, IP, or VIP exposures, new CVEs related to external assets, and potential indicators of compromise discovered on the dark web. A monthly external scan report summarizes findings, risk areas, and recommended remediation actions.

    Objectives

    • Detect and alert on organizational exposures found on the dark web and related sources
    • Identify and report new vulnerabilities (CVEs) affecting external hardware and software assets
    • Highlight potential risks from open ports, misconfigured systems, and shadow IT
    • Enhance overall situational awareness and proactive threat mitigation

    Methodology

    1. Configure continuous dark web and open-source intelligence (OSINT) monitoring for specified domains, IP ranges, and VIP identitites.
    2. Collect and analyze data from dark web marketplaces, leak sites, and underground forums for any related exposure.
    3. Perform monthly external perimeter scans to identify new or changed network assets.
    4. Correlate scan data with vulnerability databases to identify relevant new CVEs impacting external systems.
    5. Detect and document open ports, exposed services, and unauthorized or unknown assets ("shadow IT").
    6. Prioritize findings based on severity, exploitability, and potential business impact.
    7. Validate alerts for accuracy and remove false positives prior to reporting.
    8. Generate a consolidated Monthly External Scan Report summarizing all findings and trends.
    9. Provide tailored remediation and risk-reduction recommendations.
    10. Review and adjust monitoring parameters quarterly to maintain optimal coverage.

    Deliverables

    1. Monthly External Scan Report summarizing:
      1. Exposures and intelligence gathered from dark web sources
      2. Newly identified CVEs affecting monitored assets
      3. Open ports and shadow IT findings
      4. Risk ratings and prioritization
      5. Recommended remediation actions
    2. Alert Notifications (as applicable) for critical or high-severity findings between monthly reports.
    3. Quarterly Service Review Summary (optional, if included in engagement scope)

    Service Assumptions

    • Service is limited to non-intrusive, legally compliant dark web and OSINT data sources
    • Reports are provided electronically (PDF or CSV) via a secure delivery method
    • Client is responsible for implementing remediation actions and internal follow-ups
    • Real-time alerting or integration with SIEM platforms may be available under a separate agreement

    Client Responsibilities

    • Client will provide an initial inventory of domains, IP ranges, and VIP names for monitoring
    • Client will ensure necessary authorization for all external scanning and data collection activities