FAQ


What Types of Events are Covered?

Leaked Credentials

These events involve compromised credentials such as email addresses, usernames, and passwords. They may originate from infostealer malware infections on personal devices, data breaches, public exposures, or combolists found on dark web forums.

What are the sub types?

Infostealer

Indicates that credentials were exposed from a device associated with your organization that was infected by infostealer malware. These events typically include device metadata (e.g., HWID, IP address) and compromised credentials (login URL, email, username, and password). This sub-event is considered highly critical.

Database_dump

Represents credentials found in a data breach file detected on the dark web. These files usually contain information stolen during a confirmed breach of an organization, and your asset appears within that compromised dataset.

Data_breach_combo_list AND Stealers_combo_list

Represent credentials extracted from large combo list files. These files contain many lines of username-password pairs, plus potentially additional PII properties, and follow a consistent structure.

What Type of Assets are Covered?

An asset refers to a specific digital identifier that our users choose to monitor for cyber threats. Currently, supported asset types include domains. These are the individual elements the system tracks for exposure in threat sources.

  • The assets are defined and managed exclusively through the Lunar platform.

What is a Group Name?

A group name is a custom label defined by our users via the Lunar platform, used to logically group related assets (e.g., under an organization, department, or brand name). For example, all assets related to a company might be grouped under "acme_corp" for easier filtering and analysis.

How are events sorted in the response?

To ensure effective pagination, events are sorted by the created_date field in ascending order - from the oldest to the newest.
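A consumer-side sketch of what the ascending created_date order allows, added here as an example and not taken from the Lunar documentation: resuming a poll from a checkpoint without re-processing or skipping events that share a timestamp, then triaging Infostealer events first. The `id` and `sub_type` field names, the ISO 8601 timestamp format and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime

def ingest(pages, checkpoint=None, ids_at_checkpoint=frozenset()):
    """Consume pages of events sorted oldest-first by created_date.

    Because the order is ascending, the newest timestamp seen plus the ids
    seen at that exact timestamp is enough state to resume after a restart
    without re-processing events or missing ones that share a timestamp.
    """
    new_events, ids = [], set(ids_at_checkpoint)
    for page in pages:
        for ev in page:
            ts = datetime.fromisoformat(ev["created_date"])
            if checkpoint is not None and ts < checkpoint:
                continue  # older than the checkpoint: handled in a prior run
            if ts == checkpoint and ev["id"] in ids:
                continue  # same timestamp and already handled
            if ts != checkpoint:
                checkpoint, ids = ts, set()  # moved forward in time
            ids.add(ev["id"])
            new_events.append(ev)
    return new_events, checkpoint, frozenset(ids)

def infostealer_first(events):
    """Stable sort that puts the Infostealer sub type ahead of the rest."""
    return sorted(events, key=lambda ev: ev["sub_type"] != "Infostealer")

def _ev(eid, created, sub_type):  # builds one constructed sample event
    return {"id": eid, "created_date": created, "sub_type": sub_type}

# Constructed sample events (not real data); e2 and e3 share a timestamp.
E1 = _ev("e1", "2024-05-01T10:00:00", "Database_dump")
E2 = _ev("e2", "2024-05-01T10:05:00", "Infostealer")
E3 = _ev("e3", "2024-05-01T10:05:00", "Stealers_combo_list")
E4 = _ev("e4", "2024-05-01T10:07:00", "Infostealer")
RUN_1 = [[E1, E2]]        # first poll: one page
RUN_2 = [[E2, E3], [E4]]  # second poll re-reads from the checkpoint

if __name__ == "__main__":
    first, cp, ids = ingest(RUN_1)
    second, cp, ids = ingest(RUN_2, cp, ids)
    print([e["id"] for e in first])                       # first poll
    print([e["id"] for e in infostealer_first(second)])   # triage order
```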

How long is historical event data retained?

Historical data is available for 1 year from the event’s creation date.

Are passwords and sensitive fields exposed in the API?

Passwords are masked or exposed based on the Admin's configuration in your Lunar account.