CORE FEATURES

Credentials Browser

19min

Overview

The Credentials Browser in Flare is a powerful tool that offers users an intuitive interface for searching, tracking, and managing leaked credentials. It enables security teams to quickly identify compromised credentials across various sources, helping organizations proactively protect their accounts and digital assets. With advanced filtering, search capabilities, and export options, the Credentials Browser streamlines the process of investigating credential leaks, prioritizing risks, and responding to potential security threats.

Key Features

Agile and Intuitive Credential Investigations 

  • Efficient Search: Effortlessly navigate through Flare's comprehensive database of leaked credentials.
  • Precision Filtering: Refine searches based on domain, reverse domain, email, username, and password for targeted investigation.
  • Easy Tagging: Quickly mark results as remediated or ignored for streamlined management.
  • Export Capability: Conveniently export discovered credentials for reporting or integration with other security systems.

How It Works

To begin, visit the Credentials Browser page, whether you're able to use the search bar to look up potential matches in Flare's Leaked Credentials Database. With different filtering options you're able to look for matching leaks by Domain, Email, Password, and more.

Tenant Feed

The Tenant Feed view is designed to provide you with a centralized view of all the leaked credentials that matched your identifiers. This view aggregates all the leaked credentials for your tenant or individual identifier feeds.

Document image


Global Search

The Global Search View is a powerful tool that enables you to search for public leaked credentials within Flare's extensive Leaks Database. Unlike the Tenant Feed View, which is scoped specifically to your tenants, the Global Search View provides a broader perspective, allowing you to search across all available credentials in Flare’s database.

Flare's database contains close to 20 billion leaked credentials, giving you unparalleled access to one of the largest collections of compromised data in the industry. This comprehensive coverage helps you identify potential threats and breaches beyond your organization’s direct footprint, empowering you to take proactive security measures.

For more information and access to Global Search, contact your CSM.

Document image


Key Differences Between Tenant Feed and Global Search Views

Feature

Tenant Feed View

Global Search View

Scope

Limited to your tenant

All available data sources across all the Flare leaks database

Depth

Limited to 10k credentials per single leak

All credentials across all the Flare leaks

Use Case

Tenant-specific monitoring

Broad, cross-tenant investigations

Filtering

Date range, Identifier scope, Password policy, source type.

Password policy, source, type, etc.

The Tenant Feed View is also limited in depth. If more than 10k credentials from within a single leak match your identifiers we will only show the first 10k credentials in the Credentials Browser. To see the entire list of credentials that match your identifiers in that leak, you can go to the tenant event feed and search for one of the credentials showing the limit notice icon to find the event card with the entire list of corresponding credentials.

Filters

Dates

This filters on the Imported At date. This represents when Flare imported the leaked credential into our database.  

Source

This filters on the source of the data. So where that leaked credential was found on the illicit web.

Show

This allows you to select between viewing New, Remediated, Ignored, or All credentials. 

Password Policy

With this filter, you can select which password policies you want to include or exclude. So you can filter leaked credentials to only see those that match your organisation's password policy. 

Identifier Scope

As in the tenant feed search within the Events section of the app, in the Tenant Feed tab of the Credentials Browser you can filter to search within specific identifier feed or identifier group feed or across all your identifiers.

Search Types

When using the Credentials Browser, you can run searches across various categories to efficiently narrow down your results and identify potential risks. Each category serves a unique purpose, allowing you to focus on specific identifiers or attributes to pinpoint leaked credentials. Below is an overview of the available search types and their functionalities:

Domain of Email

Search by entering a domain (e.g., example.com) to find credentials associated with that domain in Flare's Leaks Database.

Use Case: Ideal for investigating whether an organization’s domain has been compromised, helping identify leaked credentials tied to the company’s digital assets.

Reverse Domain

In Global Search only – Allows you to search for subdomains using an autocomplete feature by reversing the order of the domain (e.g., entering com.google will display a dropdown of related subdomains like accounts.google.com).

Use Case: Useful for quickly discovering credentials associated with specific subdomains, especially when dealing with large, complex domain structures.

Email

Search in Flare's Leaks Database for an exact email address (e.g., [email protected]) to find any leaked credentials linked to that specific email.

Note: when searching using the email type, you can also search for a specific password (this would be an exact match search). 

Use Case: Best for checking if individual email addresses within an organization have been compromised, enabling targeted remediation.

Username

Search for an exact username to locate credentials tied to that username in Flare's Leaks Database.

Note: when searching using the username, you can also search for a specific password (this would be an exact match search). 

Use Case: Search by username is especially useful if the username is reused across sensitive systems, or to investigate targeted attacks.

Password

Search in Flare's Leaks Database for a specific password you know to see if it appears in any leaks.

Use Case: Search by password to detect compromised accounts or , for incident response support, verify whether an attacker used passwords that were previously leaked.

URL

Search in Flare's Leaks Database by entering a specific URL (e.g., login.example.com) to identify credentials that have been compromised for a particular service or endpoint.

Use Case: This is particularly helpful when assessing the risk of leaked credentials tied to critical web applications.

Related Articles