Asset Relations

the v3 release of flare's api adds a series of endpoints that provide advanced functionality used to explore the different types of assets and their relations to one another while the use of the api itself might be straightforward, some explanation of specialized terms is necessary to explain its functionality clearly glossary identifier a flare specific term referring to a configuration created to monitor continuously for an asset (e g an email identifier is configured to monitor the asset person\@example com) configured either in the flare platform or through the api, they gather information about events, entities or other assets related to their monitored asset they will send out alerts through different channels if configured to do so asset something that has value to an organization, which can be tangible (e g person) or intangible (e g domain, email, ip, bin, brand) they are immutable and don't contain any user configuration such as filters relation defines how different assets are associated with one another (e g a domain asset is mentioned in a github repository asset) concept asset relations allow for browsing relations between assets browsing relations can be a powerful way of getting insight about the data in flare by understanding how it is connected this supports more complex use cases than an identifier feed, as it is possible to distinguish between the different reasons why the different assets would be related to the identifier's monitored asset as an example, a domain asset can be mentioned in (e g a code file in a github repository contains a mention of the domain example com) or contribute to (e g a commit was made in a github repository by person\@example com) a github repository these relations are fundamentally different and may now be analyzed independently the relations each contain params , which qualify the relation between the assets with additional information (e g the number of commits that a github user has contributed to a github repository) additions flare added new types of identifiers to allow for better monitoring of assets revolving around public contributions on github these new types are the following githubproject githubuser email history the data used to map and qualify relations between assets is partly constructed using flare's new capability of monitoring every commit made publicly on github commit data previous to may 13th 2022 should not be expected to be exhaustive relations the currently supported relations revolve around github repositories and users and the domains or emails that contribute publicly on that platform relations diagram graph td; domain((domain)) >|subdomain of|domain; domain >|contributed to|repository((github repository)); domain >|mentioned in|repository; domain >|found from|email; email((email)) >|contributed to|repository; user((github user)) >|commits with|email; user >|contributed to|repository; relation types subdomain of the subdomain of relation qualifies a domain asset as being a part of another domain asset, under the dns hierarchy mentioned in the mentioned in relation qualifies a domain asset as being found in a code file contained in a github repository asset this relation is qualified with the following params number of commits the number of monitored commits in that github repository number of mentions the number of mentions of the specified domain in that github repository number of leaked secrets the number of leaked secrets flare found in that github repository using semgrep and other tools these may have been leaked by anyone contributed to the contributed to relation qualifies either a github user, domain or an email asset as having committed publicly into a github repository asset this relation is qualified with different params , based on the type of asset having contributed they can be the following domain asset number of commits the number of monitored commits in that github repository number of domain commits the number of monitored commits made by the specified domain in that github repository number of domain emails the number of persons commiting in that github repository using that domain number of leaked secrets the number of leaked secrets flare found in that github repository using semgrep and other tools these may have been leaked by anyone email asset number of email commits the number of commits made by the specified email in that github repository commits with the commits with relation qualifies an email asset as being used by a github user asset to commit code this relation is qualified with the following params number of email commits the number of commits made by that github user using the specified email number of github projects the number of github repositories in which that github user has publicly committed found from the found from relation qualifies an email asset as being part of a domain asset this relation is qualified with the following params number of github projects the number of github repository in which that emai has publicly committed number of email commits the number of commits made publicly on github by the specified email use cases the following use cases and more are supported by using asset relations listing all the github repositories in which a sensitive domain asset is mentioned and identify the github users and emails commiting into it listing all the github repositories in which the emails from your organization are committing publicly and order them by number of commits and leaked secrets listing all the github repositories in which specific monitored actors are committing publicly and identify those containing leaked secrets api documentation the flare api v3, which contains the asset relations endpoints is documented here firework api v3 docid\ w9vw3yse5vvbsycz6jqf1 related articles