Autotask or Connectwise - Ticket Messaging + Token Templates

The following are verbiage templates that can be used for Autotask or Connectwise.

These are meant to serve only as suggestions that you can use and modify. If you'd like to submit your own verbiage to be considered to be added to this list, please reach out to our support team.

If you'd like to view the available Tokens, please read either:

Autotask:

Connectwise:

Staff or Client Facing - Ticket Titles

[organization_name] compromise details are below.
A Dark Web Compromise has been found for [organization_name].
A Dark Web Compromise has been found for [search_value].
As of [date_added], a compromise was added for [organization_name].
**ALERT** A Dark Web Compromise has been detected for [organization_name].
A compromised [compromise] was found for [organization_name].
[compromise] from [origin] was found for [organization_name].
[compromise] from [origin] was found for [search_value].
Monitoring Alerting: [date_added], [compromise], [organization_name]
Data Breach Monitoring Alert Detected: [organization_name]
Compromised Email [organization_name] -- [search_value] --- [obscured_password]

Staff Facing - Ticket Message

Template Suggestion #1 w/ Obscured Password (pass****)
Client: [organization]
Date added to DWID Platform: [date_added]
Date found on the Dark Web: [date_found]
Type of Compromise Found: [record_type]
The email or IP found: [search_value]
The record type found: [compromise]
Password found: [obscured_password]
Where on the Dark Web found: [source]
Breach Source: [origin]

Template Suggestion #2 w/ Full Visible Password

Client: [organization]
Date added to DWID Platform: [date_added]
Date found on the Dark Web: [date_found]
Type of Compromise Found: [record_type]
The email or IP found: [search_value]
The record type found: [compromise]
Password found: [password]
Where on the Dark Web found: [source]
Breach Source: [origin]

Template Suggestion #3 w/ Obscured Password (pass****)

Whoever receives this ticket--please notify the assigned account manager for this client within 1 hour of opening this ticket.

Account Manager - Please make sure to notify the client. Please **DO NOT** email this information.
Client: [organization]
Date added to DWID Platform: [date_added]
Date found on the Dark Web: [date_found]
Type of Compromise Found: [record_type]
The email or IP found: [search_value]
The record type found: [compromise]
Password found: [obscured_password]
Where on the Dark Web found: [source]
Breach Source: [origin]

Template Suggestion #4 w/ Full Visible Password

Dark Web Monitoring Service has detected the following client E-Mail addresses on the dark web. Please have the account owners change their passwords immediately on all sites associated with the following email accounts:

[date_added] - [search_value] with the following password: [password]

Please update this ticket once you have reached out for them to changed their passwords on all the sites they access to.

Template Suggestion #4 w/ Obscured Password (pass****)

[date_added] - [search_value] with the following password: [obscured_password]

Please update this ticket once you have reached out for them to changed their passwords on all the sites they access to.

Client Facing - Ticket Message

Template Suggestion #5 w/ Obscured Password (pass****)

Hello (CLIENT NAME),

During one of our routine security scans we discovered the credentials for the following account(s):

[search_value] with the following password: [obscured_password]

[search_value] with the following password: [obscured_password] (NOTE: duplicate as needed)

This information was discovered on one of many websites that are frequented by hackers that buy and sell stolen credentials. We cannot determine if these credentials were used to compromise any of your accounts.

We strongly recommend that you do that following:

1. List all of the services and websites where you may have used this specific username and password combination.

Log in to each one and change your password immediately.

Review your account settings on these websites and makes sure that your personal information hasn't changed. You want to look for changes in your phone number, email address, name, etc.

2. If you used this password with other usernames that you use for other websites--log into those services and repeat Step #1.

3. Very important. Do not use any variation of this compromised password as they can be easily cracked by the tools hackers use.

4. If you haven't implemented a Password Mangement or 2FA solution for your company--we highly recommend in reaching out to us to discuss the protection strategy.

Feel free to reach out to our Support Email: (YOUR SUPPORT EMAIL)

Or give us a call at: (YOUR PHONE NUMBER)

Template Suggestion #5 w/ No Password (Touch Opportunity)

Hello (CLIENT NAME),

During one of our routine security scans we discovered the credentials for the following account(s):

[search_value]

[search_value] (NOTE: duplicate as needed)

This information was discovered on one of many websites that are frequented by hackers that buy and sell stolen credentials. We cannot determine if these credentials were used to compromise any of your accounts.

Due to the sensitivity and security risk to your business, please reach out to us to discuss the compromised credentials that were found on the Dark Web and we can discuss next steps.

(YOUR SUPPORT EMAIL)

(YOUR PHONE NUMBER)

	Need troubleshooting help? Open the Kaseya Helpdesk.
	Want to talk about it? Head on over to the Community!
	Have an idea for a new feature? Want to learn about upcoming enhancements? Visit the Ideas forum!
	Provide feedback for the Documentation team.