Emerging Sources
Flare's Emerging Source data are data coming from new sources that are currently not supported within the Flare application. We have built an Emerging Source System that allows us to swiftly integrate certain datasets and sources previously not covered by the Flare platform, addressing visibility gaps, and enhancing data coverage.
Unlike events coming from our other Collection data:
Emerging source events are raw
- Basic metadata
- Raw content view only
- No severity scoring
- No AI assist
Emerging source data may not be archived in the long term
- Flare reserves the right to remove and add emerging sources at any time
If you are find value in one of our emerging sources and would like the data to be enriched or improved. Please reach out to our support team, your feedback will help us prioritise improving that dataset.
App Stores
- Poses security risks because these app stores may host unverified and/or malicious apps
- Gives you visibility into illegitimate versions of your mobile apps being disseminated on APK sites and App stores
- Helpful for notable brand names and/or customers who have a portfolio of mobile applications on Google Play
Botnet
- Threat actor groups often have access to networks of compromised devices or “botnets” that can be used in attacks
- Flare’s research team has Intelligence about these botnets like IP addresses and target/victim company names
- Gives you visibility to see if you have been targeted by a botnet and/or if you have any assets that are unknowingly part of a botnet
SEC 8-K Filings
- We are monitoring SEC 8-K filings, specifically under Item 1.05: Material Cybersecurity Incidents. These filings provide timely alerts when publicly traded companies report significant cybersecurity incidents.
PII & Unverified Leaks
- Includes various PII breaches, along with any "unverified" breaches we find online. For example, the PII part of the PureIncubation breach would have been a good fit here.
- Unverified breaches refer to leaks posted on cybercrime forums where the origin can't be validated. A breach is considered "verified" when it's recognized by services like HaveIBeenPwned (HIBP) or included in "official" lists on dark web forums.
Ransomware Files
- This source will consist of files related to ransomware attacks. We'll be uploading these files and creating events in the platform based on the content extracted from them.
Other Found Files
- This source will contain any other files identified by the Flare team that hold potential value but don’t fit into the two categories above.
Potential Stealer Logs
- This contains "rejected" stealer logs from our traditional pipeline. Any files that appear to be stealer logs but are missing critical information or are of an unsupported layout can be found here.
DockerHub Monitoring
- We actively monitor public DockerHub repositories to identify exposed secrets and misconfigurations in container images. By analyzing image manifests and selected layers, we help uncover potential security risks that could lead to supply chain attacks.
New sources will be added to Flare on a case by case basis as we discover them. If you are aware of a new source that you would like to see in Flare reach our to our support team and we will review its feasibilty.
Emerging Source data is 'opt-in', this means it this data is not selected by default for any identifiers or for the event search.
To see emerging source data related to a certain identifier, you need to actively select this data category from the dropdown. Note, the emerging sources category will not be selected even if you click the 'Select All' option. You have to manually opt-in.
To see events from emerging source data, you need to actively select this data category from the dropdown.
