Integration of https://haveibeenpwned.com/ into XG Firewall
The "Have I Been Pwned" service is a great way to check for breaches of online accounts.
One customer had a breach because of credential stuffing. He used the same password for some online accounts as well as his Active Directory account.
We checked a lot of other email addresses with this service and found some more breaches.
The Sophos XG, because of its insight into company email addresses, could potentially use this service to warn admins that an email/password combination has been found on haveibeenpwned and that immediate action is necessary.
A field on the dashboard with some information would be a nice addition.
Implementation would be pretty straightforward because Troy Hunt has created an API to automate the process.