Events

flare continuously monitor for events containing information relevant to the identifiers you create these events can be viewed in the tenant feed within the https //app flare io/#/events of flare every time you visit the tenant feed, the side panel presents a summary of the data we've collected for the feed you're viewing (if you are on the main https //app flare io/#/events , it will be a summary of data collected for all your identifiers) tenant feed event actions in the top right corner of each event card there are buttons for various actions, including "mark as this event as remediated", "ignore this event", "edit event", and "add event to report" event card with the show filter under the search bar you are able to filter the current feed to show all events that have been marked as remediated , ignored , have had their score edited (labelled edited score ), or have had no changes made to them (labelled as normal ) mark as remediated if you've taken action to address a specific event, you can mark the event as remediated so that it is hidden from the feed you can always restore visibility of remediated activities by choosing the remediated option from the show filter below flare's search bar remediate event ignoring events the ignore this event option allows you to exclude the activity from your feeds you can always restore visibility of ignored activities by choosing the ignored option from the show filter below flare's search bar ignore event the same event should not reappear in either of these cases if you see a new event with matching credentials or additional matching then something is new from the event to trigger it to have reappeared in the event feed this varies a bit by category as i have broken down below leaked credentials / infected devices (stealer logs) when you see an old matched credential reappearing, it could be for any of the following reasons a new source has posted (recycled) the original credential a change was made to the file or credential which treats the discovery as a new event it is important to note that when you ignore a credential in the credential browser, it should also ignore all future iterations of the user's leaked credentials open web when you see github events reappearing, it is due to changes within the github repository we are querying the entire page again which includes the changes and the parts that remained the same this leads to other parts of the repository changing and the section including your identifier to remain the same and appear again in the case of github, you can utilize ignore term https //docs flare io/policies to ignore certain github authors and projects adjust severity, tags, and notes of event the adjust this event option lets you quickly reassign the severity, add tags and notes to the event adjust event add to report you can also add a specific event to a report for more details about reports, see the reports section of our documentation add event to report export events if needed, you can also export your event result by clicking on the ‘export events’ button export events the basic export includes the all metadata and a content preview exporting the full content of events greatly increases the size of the export related articles