Skip to content
Contact us
  • There are no suggestions because the search field is empty.

Activate, change, and archive a Transform

Transforms

Transforms are intelligent search objects. Transforms start with a keyword, but unlike keywords, which work via static and straightforward matches, Transforms: 

  • Take subdomains into account (e.g. a Transform for UpGuard.com looks for subdomains like mail.upguard.com).
  • Use fuzzy matching to catch common variations (e.g. St John, St.John, Saint John).
  • Take context into account (e.g. the way we scan for a Transform on GitHub is different than how we scan Telegram for that same Transform).
  • Take common obfuscating or shorthand tactics into account. 

A good Transform

  • Is precise, a term highly associated with your company (e.g. your domain or company name).
  • Is as concise as possible while still being specific to your company. 
  • Does not contain legal suffixes (e.g. Corp, Group, Pty Ltd). Excluding these words tightens search quality.
  • Is consistent with the Transform type. e.g. the structure for an API-related Transform will be very different than the Transform for your company name.

Transforms should not be

  • Full sentences
  • Generic terms. If your company name is also a generic term, work with your Customer Success Manager to optimize your standard Transform.

Standard Transforms

Threat Monitoring comes with two standard Transforms: one for your primary domain, one for your company name. The company name Transform is particularly critical — it automatically expands into variations and abbreviations, allowing us to detect phishing, brand abuse, and credential leaks that a domain-only approach would miss.

In the case of your domain, UpGuard captures subdomains and email addresses automatically. For example, a domain Transform for “example.com” also scans for “jobs.example.com,” “mail.example.com,” and “user@example.com”.

Once those baselines are in place, you can purchase threat credits to activate additional Transforms as needed.

How Transforms work (what happens when you run a Transform)

When you activate a Transform, UpGuard

  1. Applies logic. UpGuard expands the keyword into a Transform using trained logic, tailoring the analytics process to the source being scanned.
  2. Identifies threats. UpGuard begins scanning the designated sources for threats related to your Transform.
  3. Completes threat analysis. Our AI Threat Analyst, like a human analyst, parses identified threats and categorizes them as:
    1. Open: a threat that requires your attention.
    2. Closed: not a viable threat (though you can review and move any threats from Closed to Investigating).
  4. You start working through queues. You review Open threats, with the goal of working them through to Closed. Meanwhile, the AI continuously scans for new threats.

TMDiagram

Activate your standard Transforms

You must have the role Admin to activate Transforms.
  1. Click the Breach Risk icon from UpGuard’s left-hand navigation.
  2. Click Threat Monitoring from the left navigation.
  3. Click through or skip the product walk-through. The Threat monitoring setup appears after this.
  4. Confirm your domain and company name on the Threat monitoring setup modal. Both fields are pre-populated based on your account information. Note: You cannot edit your primary domain, but you can edit the company name (we recommend removing legal suffixes).
  5. Click Confirm & scan. UpGuard begins scanning for threats related to your primary domain.
  6. Click Analyze results. UpGuard’s AI Analyst begins analyzing uncovered threats. This process might take a few minutes. In the meantime, you can minimize the scanning modal. Threats will appear in Threat Monitoring as they’re analyzed and you can reopen the scanning modal at any point by clicking Scanning for sensitive data.
  7. Once UpGuard is done analyzing threats related to your primary domain, we’ll immediately begin scanning, detecting and analyzing threats related to your company name.
  8. Once scanning is complete, a summary modal appears recapping the threats detected and the number of closed vs. opened threats.
  9. Click View open threats to begin reviewing threats.

After the initial scan, UpGuard continuously scans for new threats and they will automatically appear in Threat Monitoring as they’re uncovered.

Set up notifications to get notified when new threats are uncovered. 

Activate an Additional Transform

You must have the role Admin and an available threat credit to activate a new Transform.

  1. Click the Breach Risk icon from UpGuard’s left-hand navigation.
  2. Click Threat Monitoring from the left navigation.
  3. Click the Transforms settings icon in Threat Monitoring’s upper right-hand corner.  This page shows how many threat credits you have available.
  4. Click + Add Transform.
  5. Click the Type dropdown and select the type of Transform you’re adding.
  6. Add a keyword in the Keyword field. This is the word(s) that powers the Transform. Read about what makes a good Transform.
  7. (Optional) Add a description. This is especially beneficial when your term is: service accounts, API keys, tokens, honeypots, etc.
  8. Click Next.
  9. Use the check boxes to set which sources you want to scan:
    1. Deep & dark web. For domain Transforms: you’ll also select if you want to scan employee and/or website visitor stealer logs.
    2. Open web.
  10. Click Next.
  11. Review the information you’ve entered and click Add Transform when you’re satisfied with your Transform settings.

UpGuard immediately begins scanning the selected sources for threats related to your Transform. We’ll detect and analyze threats and within a few minutes you’ll see threats begin to appear. Once scanning is complete: a summary modal appears recapping how threats were detected, and how many were closed vs. opened. Click View open threats to begin reviewing threats.

After the initial scan, UpGuard continuously scans for new threats, and they will automatically appear in Threat Monitoring as they’re detected.

Set up notifications to get notified when new threats are uncovered.

Edit a Transform

You can edit a Transform’s description and the sources it scans.  

  1. Click the Breach Risk icon from UpGuard’s left-hand navigation.
  2. Click Threat Monitoring from the left navigation.
  3. Click the Transforms settings icon in Threat Monitoring’s upper right-hand corner.
  4. Click the settings (gear) icon in the row corresponding with the Transform you want to edit.
  5. Edit the settings you want to change.
  6. Click Save changes.

Your Transform is now updated based on your changes. If you edited your Transform to:

  • Scan additional sources: you’ll see results within 24 hours.  
  • Stop scanning specific sources: Open and Closed threats associated with the sources are removed from your workspace. Threats in Investigating and Remediating remain visible until they are moved to closed.

Archive a Transform

If a Transform is too noisy or irrelevant, we recommend archiving it and replacing it with another. When you archive a Transform, we’ll

  • Immediately stop scanning for related threats.
  • Any threats in the Open and Closed status are removed.
  • Any threats in Investigating and Remediating remain visible until they are moved to Closed.
  • A threat credit becomes available.

How to archive a Transform

  1. Click the Breach Risk icon from UpGuard’s left-hand navigation.
  2. Click Threat Monitoring from the left navigation.
  3. Click the Transforms settings icon in Threat Monitoring’s upper right-hand corner.  
  4. Click the trash icon on the row corresponding with the Transform you want to archive.
  5. Click Stop monitoring.

This Transform term is archived. UpGuard is no longer scanning for related threats and a threat credit is now available on your account.

Restore an archived Transform

You can restore a Transform that was previously archived. You must be an admin and have an available threat credit to restore a Transform.  Each threat credit can be used to restore an archived Transform once every 30 days.

When you restore an archived Transform:

  • Threats that were removed from Threat Monitoring when the Transform was archived are now added back into Threat Monitoring.
  • Threats are added back into the workflow queue they were in when the Transform was archived.
  • Scanning resumes when you reactivate the Transform, however UpGuard does not backfill and scan for threats that occurred while the Transform was archived.

How to restore an archived Transform

  1. Click the Breach Risk icon from UpGuard’s left-hand navigation.
  2. Click Threat Monitoring from the left navigation.
  3. Click the Transforms settings icon in Threat Monitoring’s upper right-hand corner.  
  4. Click the Unmonitored tab.
  5. Click the restore icon (u-turn arrow) on the row corresponding with the Transform you want to restore.

Your Transform is restored, threats that were previously found are restored on Threat Monitoring. Scanning resumes for this Transform.