Dashboard
The Flare Dashboard provides you with various metrics and charts that help you understand your organization's exposure based on the data available within Flare. It focuses on delivering actionable metrics to enhance operational efficiency.
There are two tabs within the Dashboard. Overview gives you an operational and strategic overview of your exposure, while the Insights tab gives you detailed insights into certain specifics of your exposure.
Most of the information found in the Overview is also available when creating Reports.
There are four sections to the Overview tab:
- Unresolved Events: This view caters to frontline security professionals, providing a snapshot of the most pressing events on the attack surface.
- Event Trends: This section helps you understand your exposure growth over time and how your actions in Flare and keeping on top of it.
- Event Explorer: You can filter these charts by category, severity, and timeframe, making them especially valuable to security and executive leadership. They provide insight into long-term trends and how efficiently issues are being resolved.
- Identifier Trends: As businesses grow, their attack surfaces—and identifiers—expand accordingly. This view appeals to both security teams and executive leadership. Additionally, it offers value to MSSP partners by showing how identifiers are being leveraged by end customers.
Below you can find more information about What Can Explain an Increase in Events? and details about how the dashboard works, which may explain any unexpected inconsistencies in the data.
The following is a list of variables that may contribute to increased events within your tenant.
Creating new identifiers may potentially increase the number of events in Flare, due to the amount of additional identifiers discovered. Learn more how identifiers work at Flare here.
Similarly, identifiers that are too broad in scope, or a lack of ignored terms may also increase the number of events. Learn more configuring your identifiers here.
Stealer Logs often have large ripple effects, which have a tendency of creating a large number of corresponding events. Learn more leaked credentials here.
Similar to Stealer Logs, having at least one critical event will likely drive a large number of events to monitor. Learn more severity scoring here.
Additional data sources added to your tenant may result in an increase of events. Learn more about our data sources here.
Increased visibility may increase the number of threat actors that are targeting you, which in turn can drive an increase of events.
Reach out to your Customer Service representative for additional information on event growth within Flare.
Any unexpected inconsistencies in the data provided by Flare may be due to one of the following factors:
The Event Count is counted from the last day within the timeframe you have selected. For example, if you’re looking at monthly data, Flare will count the total number of events that Flare discovered for each month on the last day of that month. If you add or delete identifiers within that same month, this difference will not be taken into account at the monthly level, but may be visible in the weekly or daily charts.
Dashboard data is updated daily and is not 'live'. If you perform a change to your events, such as remeditation, you will not see the numbers update in the dashboard until the following day. The Event feeds are updated much more frequently, which may result in some minor differences in the data. It also means that if identifiers were created or deleted within the last 24 hours, they will not be taken into account until the following refresh.
The charts are based on the First Seen At timestamp for events. This is different from the Estimated Created At timestamp, which is the date by which we sort the events in the Events feed. This means you are likely to see a disparity in the number of events when you are filtering by a certain timeframe on the dashboard, as compared to the events feed.
Event counts in charts are impacted by the deletion of identifiers. If you’ve exported data from the Dashboard in the past, the numbers may change based on these deletions, which would therefore impact the number of events reported for a given range.