Emerging Sources

flare's emerging source data are data coming from new sources that are currently not supported within the flare application we have built an emerging source system that allows us to swiftly integrate certain datasets and sources previously not covered by the flare platform, addressing visibility gaps, and enhancing data coverage unlike events coming from our other collection data emerging source events are raw basic metadata raw content view only no severity scoring no ai assist emerging source data may not be archived in the long term flare reserves the right to remove and add emerging sources at any time if you are find value in one of our emerging sources and would like the data to be enriched or improved please reach out to our support team, your feedback will help us prioritise improving that dataset future emerging sources new sources will be added to flare on a case by case basis as we discover them if you are aware of a new source that you would like to see in flare reach our to our support team and we will review its feasibilty emerging sources app store poses security risks because these app stores may host unverified and/or malicious apps gives you visibility into illegitimate versions of your mobile apps being disseminated on apk sites and app stores helpful for notable brand names and/or customers who have a portfolio of mobile applications on google play botnet threat actor groups often have access to networks of compromised devices or “botnets” that can be used in attacks flare’s research team has intelligence about these botnets like ip addresses and target/victim company names gives you visibility to see if you have been targeted by a botnet and/or if you have any assets that are unknowingly part of a botnet sec 8 k filings we are monitoring sec 8 k filings, specifically under item 1 05 material cybersecurity incidents these filings provide timely alerts when publicly traded companies report significant cybersecurity incidents pii & unverified leaks includes various pii breaches, along with any "unverified" breaches we find online for example, the pii part of the pureincubation breach would have been a good fit here unverified breaches refer to leaks posted on cybercrime forums where the origin can't be validated a breach is considered "verified" when it's recognized by services like haveibeenpwned (hibp) or included in "official" lists on dark web forums ransomware files this source will consist of files related to ransomware attacks we'll be uploading these files and creating events in the platform based on the content extracted from them other found files this source will contain any other files identified by the flare team that hold potential value but don’t fit into the two categories above potential stealer logs this contains "rejected" stealer logs from our traditional pipeline any files that appear to be stealer logs but are missing critical information or are of an unsupported layout can be found here docker hub files we actively monitor public dockerhub repositories to identify exposed secrets and misconfigurations in container images by analyzing image manifests and selected layers, we help uncover potential security risks that could lead to supply chain attacks shai hulud – github exfiltration repositories this emerging source tracks public github repositories created by the shai hulud 2 0 npm worm, which exfiltrates credentials and secrets from compromised systems the malware uses stolen github tokens to push harvested data (for example, files such as trufflesecrets json) into newly created repositories in many cases, affected organizations will see email addresses using their domains or other identifiers within these repositories because the worm can reuse previously compromised github tokens, the repository owner or committer is not always the same individual whose data was exfiltrated flare ingests these repositories so you can search for your identifiers and assess whether secrets or oth how to see to emerging source data emerging source data is 'opt in', this means it this data is not selected by default for any identifiers or for the event search configuring identifiers to see emerging source data related to a certain identifier, you need to actively select this data category from the dropdown note, the emerging sources category will not be selected even if you click the 'select all' option you have to manually opt in searching in events to see events from emerging source data, you need to actively select this data category from the dropdown