# Watchlist Events

The **Watchlist Events** page displays real-time alerts for any item on your Watchlist that has been detected in breach data.

As WhiteIntel continuously scans new breach records, this page is automatically updated with events linked to your monitored **domains**, **emails**, **IP addresses**, or **hostnames**.

Each event includes:

* The **type of asset** that triggered the alert (e.g., domain, email, IP)
* The **event date** (when it was detected in our breach sources)
* The **breach type** (e.g., `stealer`, `combolist`)
* The **number of credentials or records** exposed
* A **“View” button** to dive deeper into the breach details

This page helps you:

* Monitor exposures relevant to your organization or research targets
* Stay up to date without manually searching
* Quickly investigate incidents as they happen

<figure><img src="/files/BOsWWTcO5OQrXxD6APvA" alt=""><figcaption></figcaption></figure>

> 📌 Tip: Watchlist Events are automatically generated and updated based on your active Watchlist items. You can control which items are tracked from the Watchlists page.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://knowledge.whiteintel.io/white-intel-usage/watchlist-events.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.