Beta Metrics
Coming soon -> Sign up for the Beta!
The Beta Metrics dashboard provides you with various metrics and charts that help you understand your organization's exposure based on the data available within Flare.
There are three tabs within the Dashboard. Overview is our historical production dashboard that will be replaced before the end of 2024, Beta Metrics is a beta version of our new dashboard which gives you an operational and strategic overview of your exposure, while the Insights tab gives you detailed insights into certain specifics of your exposure.
Most of the information found in the Overview is also available when creating Reports.
Events are categorized into one of five different event exposure types. The main area where you will see these exposure types used is in the Dashboard and in Reports.
Identifiers can be assigned to one or more of these exposure types, based on the identifier's assigned data source categories.
Exposure Type | Description | Flare data source categories included in this exposure types |
|---|---|---|
External Attack Surface | This includes open ports and vulnerabilities |
|
Leaked Credentials | This includes infected devices, stealer logs and leaks. |
|
Criminal Underground | This includes illicit network chat mentions and forum messages, listings and certificates. |
|
Exposed Source Code | This includes open web repositories, commits, files, and Stack Exchange posts and topics. |
|
Sensitive Data | This includes pastes, buckets and Ransomware leaks. |
|
The following is a list of variables that may contribute to increased events within your tenant.
Creating new identifiers may potentially increase the number of events in Flare, due to the amount of additional identifiers discovered. Learn more how identifiers work at Flare here.
Similarly, identifiers that are too broad in scope, or a lack of ignored terms may also increase the number of events. Learn more configuring your identifiers here.
Stealer Logs often have large ripple effects, which have a tendency of creating a large number of corresponding events. Learn more leaked credentials here.
Similar to Stealer Logs, having at least one critical event will likely drive a large number of events to monitor. Learn more severity scoring here.
Additional data sources added to your tenant may result in an increase of events. Learn more about our data sources here.
Increased visibility may increase the number of threat actors that are targeting you, which in turn can drive an increase of events.
Reach out to your Customer Service representative for additional information on event growth within Flare.
Any unexpected inconsistencies in the data provided by Flare may be due to one of the following factors:
The Event Count is counted from the last day within the timeframe you have selected. For example, if you’re looking at monthly data, Flare will count the total number of events that Flare discovered for each month on the last day of that month. If you add or delete identifiers within that same month, this difference will not be taken into account at the monthly level, but may be visible in the weekly or daily charts.
Dashboard data is updated once a day, while Event feeds are updated much more frequently, which may result in some minor differences in the data It also means that if identifiers were created or deleted within the last 24 hours, they will not be taken into account until the following refresh.
Some charts available on the Dashboard use different timestamps, for example “First Seen At” vs. “Estimated Created At”. You can review the Overview section above to see which chart uses which timestamp.
Event counts in charts are impacted by the deletion of identifiers. If you’ve exported data from the Dashboard in the past, the numbers may change based on these deletions, which would therefore impact the number of events reported for a given range.