Actions
Actions provides you with a set of actions to take that are recommended by Flare and are based on your Events.
You can find all the recommended Actions by navigating to the Actions page in Flare.
Each Action is related to specific Events which will be displayed on the right side of the screen, after selecting an Action. To see all the Events related to that Action, click on 'View all Events"
Active - These are new actions that have not yet been acted on.
Completed - These are actions that you have previously marked as complete.
Snoozed - These are actions that you have set to be reminded about later.
Ignored - These are actions you have previously marked as ignored.
All - Every action Flare has ever alerted you about.
These are actions we suggest you take based on your Infected Devices and Ransom Leak Events. Each of these actions will detail the relevant events, MITRE ATT&CK techniques, and mitigations.
- Actions are created for Infected Devices events in two specific cases:
- The stealer logs contain domains that do not resolve to an IP address, which may represent compromised employees with internal access.
- The stealer logs contain domains and usernames used to connect to common SaaS platforms, which may represent compromised employees reusing corporate credentials outside their organization.
- Actions are created for 3rd Party Ransom Leak Events if we find company files or otherwise potentially sensitive information in a recent breach or historical breach.
Configure or update your Flare profile, industry per tenant, and number of employees. Each year, Flare will recommend ensuring that your number of employees is up-to-date.
Actions recommended by Flare can also be added to any report. From Reports, click Edit on any existing report, and ensure that Actions is toggled on. All actions regardless of time created will be included.