Compass Malware Remediation
🧭 Getting Started with Compass
Welcome to SpyCloud Compass, your command center for exposure alerting, prioritization, and identity remediation.
This guide will help you understand what Compass is, why it exists, and how to start using it effectively.
🔍 What Is Compass?
Compass is a SaaS module that surfaces exposure alerts from SpyCloud’s darknet and malware data, scoring and prioritizing each alert based on severity and context. It helps your team:
- Detect exposed employee or contractor credentials
- Prioritize alerts based on real identity risk
- Take fast, effective remediation actions
- Collaborate across SOC, fraud, and identity teams
Unlike traditional breach alerting tools, Compass enriches alerts with malware context, cracked passwords, risk scoring, and suggested next steps.
✅ Who Should Use Compass?
Compass is built for a wide range of teams — each with different goals but a shared need for identity exposure visibility:
🔒 SOC Analysts
Prioritize alerts by severity. Reduce noise. Remediate fast.
🛡️ Security Engineering
Integrate alerts into your SIEM/SOAR and trigger automated workflows.
🧠 CTI & Threat Researchers
Correlate identity exposure with threat actor behaviors and campaign activity.
💰 Fraud & Risk Teams
Protect users exposed via malware or password reuse before abuse occurs.
🗺️ How Compass Fits In
Compass is one layer of SpyCloud’s Enterprise Protection Suite, focused on exposure detection and response.
It works alongside:
- ATO Prevention – stops exposed credentials from being used to compromise accounts
- IDLink API – enriches identity graphs across malware, breach, and behavioral data
- Investigations – powers deeper forensic work from selectors
🛫 First-Time Setup Checklist
Here’s what to do if you’re logging into Compass for the first time:
- ✅ Ensure you have access at compass.spycloud.com
- ✅ Check that your account has the appropriate seat/license assigned
- ✅ Navigate to the Alerts tab to view prioritized exposure events
- ✅ Use filters to focus by severity, domain, or source type
- ✅ Start triaging alerts (e.g., investigate, mark resolved, escalate)
- ✅ Explore automation or SIEM integration options with your team
📊 What You’ll See Inside
Compass is organized around alert views:
- A dashboard of high-risk identity exposures
- Severity scores (5–25) based on context, origin, and exploitability
- Filtering by domain, email, source type, malware family, password type
- Ability to mark alerts as resolved, under investigation, or escalated
💡 Why Use Compass?
Compass is built to surface only the alerts that matter most — and give you the context to respond confidently.
It’s not about drowning you in exposures. It’s about helping you act before attackers do.
🧠 Ready to Go Deeper?
Next steps:
- 📖 Read Understanding Alerts & Risk Scoring
- 🔍 Learn how to Investigate Alerts in Compass
- 🛠️ Explore Remediation Workflows & Automation
- 💡 Review Compass Best Practices & Optimization