Third Man Correlation Search

Splunk Community

Archived
== THIS APP IS CURRENTLY UNDERGOING SIGNIFICANT REFACTORING - PLEASE CHECK IN AGAIN LATER FOR A NEW VERSION ==

Is the use of stolen credentials through phishing and other means a concern in your organisation? The Third Man Correlation Search app detects misappropriated credentials using an abstract statistical fingerprint of users' successful authentication behaviour.

The correlation search takes the CIM Authentication data model and enriches it with autonomous system information and an abstraction of time, then creates a statistical 'fingerprint' of each user's behaviour in relation to what, when, where and how they successfully authenticate. A significant deviation from a user's pattern triggers the alert.

Although this sounds relatively straightforward, the correlation search's ability to detect anomalous behaviour derives from its unique high-level abstraction of circumstances.