Credentials Browser

what is the credential browser? the credentials browser in flare offers an intuitive interface to search, review, and manage leaked credentials it enables security teams to quickly identify compromised credentials across various sources, helping organizations proactively protect their accounts and digital assets with advanced filtering, search capabilities, and export options, the credentials browser streamlines the process of investigating credential leaks, prioritizing risks, and responding to potential security threats key features efficient search navigate through flare's comprehensive database of leaked credentials precision filtering refine searches based on domain, reverse domain, email, username, and password for targeted investigation easy tagging quickly mark results as remediated or ignored for streamlined management remediated a credential pair will appear as remediated if found again in a new source ignored a username/email will be ignored if found in a new source validation with identity provider when an microsoft entra id docid\ pyo29i2v5ctry6bro1gqs is set up, instantly validate credentials for efficient assessment and triage of leaked credentials access identity profiles docid\ wl3hdzqylk5shvy 7towz s with identity exposure management overview docid\ br2xphzrgblwomi6lksjg , contextualize credentials leaks for your corporate identities, automate validation and response export capability conveniently export discovered credentials for reporting or integration with other security systems how it works start by visiting the credentials browser page https //app flare io/#/credentials browser , where you can use the search bar to find potential matches in flare’s leaked credentials database you can filter results by domain, email, password, and other criteria to narrow your search tenant feed the tenant feed view is designed to provide you with a centralized view of all the leaked credentials that relate to your identifiers metrics on top of the tenant feed, you can find metrics representing credentials related to your identifiers metrics related to validation and mitigation with your identity provider are only available when such an integration has been set up unique / total credentials unique and total counts of credential pairs found across all captured events remediated credentials total number of credential pairs with a remediated status password validation attempts total number of passwords for which validation with an identity provider was attempted valid passwords total number of passwords tested as valid with an idp new credentials (last 24h) total number of new credentials pairs imported in the last 24h credentials mitigated via idp total number of credentials pairs for which an automated action has been triggered via an identity provider global search the global search view enables you to search for publicly leaked credentials within flare's extensive leaks database unlike the tenant feed view, which is scoped specifically to your tenant, the global search view provides a broader perspective, allowing you to search across all available credentials in flare’s database flare's database contains close to 20 billion leaked credentials , giving you unparalleled access to one of the largest collections of compromised data in the industry this comprehensive coverage helps you identify potential threats and breaches beyond your organization’s direct footprint, empowering you to take proactive security measures for more information and access to global search , contact your csm key differences between tenant feed and global search views feature tenant feed view global search view scope limited to your tenant all available data sources across all the flare leaks database depth limited to 10k credentials per single leak all credentials across all the flare leaks use case tenant specific monitoring broad, cross tenant investigations filtering date imported, identifier scope, password policy, source type, idp credential status, flare status, hide combolist, hide duplicates date imported, source, hide combolists remediate & ignore remediate and ignore actions are available in the tenant feed not available in global search the tenant feed view is also limited in depth if more than 10k credentials from within a single leak match your identifiers we will only show the first 10k credentials in the credentials browser to see the entire list of credentials that match your identifiers in that leak, you can go to the tenant event feed and search for one of the credentials showing the limit notice icon to find the event card with the entire list of corresponding credentials filters date imported this filters on the imported at https //docs flare io/event date fields#o 9pk date this represents when flare imported the leaked credential into our database identifier scope as in the tenant feed search within the events section of the app, in the tenant feed tab of the credentials browser you can select to display only a specific identifier feed, an identifier group feed, or all your identifiers password policy with this filter, you can select which password policies you want to include or exclude this enables you to display only leaked credentials that match your organisation's password policy source this filters on the source of the data so where that leaked credential was found on the illicit web ignore combolists this toggles whether credentials originating from combolist are displayed or not idp credential status available with an active idp integration this filters on the status of the credentials after validating it with the idp flare status this allows you to select between viewing new, remediated, ignored, or all credentials hide duplicates in case of repeated credential pairs, this toggle keeps only the first imported occurence of each unique combination of email/username and password search types when using the credentials browser , you can run searches across various categories to efficiently narrow down your results and identify potential risks each category serves a unique purpose, allowing you to focus on specific identifiers or attributes to pinpoint leaked credentials below is an overview of the available search types and their functionalities domain of email search by entering a domain (e g , example com ) to find credentials associated with that domain in flare's leaks database use case ideal for investigating whether an organization’s domain has been compromised, helping identify leaked credentials tied to the company’s digital assets reverse domain in global search only – allows you to search for subdomains using an autocomplete feature by reversing the order of the domain (e g , entering com google will display a dropdown of related subdomains like accounts google com ) use case useful for quickly discovering credentials associated with specific subdomains, especially when dealing with large, complex domain structures email search in flare's leaks database for an exact email address (e g , user\@example com ) to find any leaked credentials linked to that specific email note when searching using the email type, you can also search for a specific password (this would be an exact match search) use case best for checking if individual email addresses within an organization have been compromised, enabling targeted remediation username search for an exact username to locate credentials tied to that username in flare's leaks database note when searching using the username, you can also search for a specific password (this would be an exact match search) use case search by username is especially useful if the username is reused across sensitive systems, or to investigate targeted attacks password search in flare's leaks database for a specific password you know to see if it appears in any leaks use case search by password to detect compromised accounts or , for incident response support, verify whether an attacker used passwords that were previously leaked url search in flare's leaks database by entering a specific url (e g , login example com ) to identify credentials that have been compromised for a particular service or endpoint use case this is particularly helpful when assessing the risk of leaked credentials tied to critical web applications export credentials an export function allows you to download a csv file of the currently displayed credentials please note that it is only possible to export 10 thousands credentials at a time if you have more credentials to export, you could for example use the date range filter to isolate sets of less than 10k items to export related articles