Events

12 min

flare continuously monitor for events containing information relevant to the identifiers you create these events can be viewed in the tenant feed within the events section https //app flare io/#/events of flare every time you visit the tenant feed, the side panel presents a summary of the data we've collected for the feed you're viewing (if you are on the main events page https //app flare io/#/events , it will be a summary of data collected for all your identifiers) tenant feed event actions in the top right corner of each event card there are buttons for various actions, including "mark as this event as remediated", "ignore this event", "edit event", and "add event to report" with the show filter under the search bar you are able to filter the current feed to show all events that have been marked as remediated , ignored , have had their score edited (labelled edited score ), or have had no changes made to them (labelled as normal ) mark as remediated if you've taken action to address a specific event, you can mark the event as remediated so that it is hidden from the feed you can always restore visibility of remediated events by choosing the remediated option from the show filter below flare's search bar ignoring events the ignore this event option allows you to exclude the event from your feeds you can always restore visibility of ignored events by choosing the ignored option from the show filter below flare's search bar an event previously remediated or ignored will not reappear afterwards in your the event feed in most cases, unless a difference in its content is detected there are particular behaviors when remediating and ignoring certain event types, as broken down below leaked credentials events when you remediate a leaked credential event in the feed or a credential item in the credentials browser future instances of the same credentials pair will appear remediated in both places as well they will be filtered out of the default view of the tenant feed and the credentials browser the severity level of a remediated leaked credential event that reappears will be lowered when you ignore a leaked credential event in the feed or a credential item in the credentials browser future credentials related to the same email/username will be ignored as well, both in the tenant feed and the credentials browser infected devices (stealer logs) when you see an old matched stealer log reappear, it could be for any of the following reasons a new source has posted (recycled) the original stealer log a change was detected in the content of the stealer log which treats the discovery as a new event open web when you see github events reappearing, it is due to changes within the github repository we are querying the entire page again which includes the changes and the parts that remained the same this leads to other parts of the repository changing and the section including your identifier to remain the same and appear again in the case of github, you can utilize ignore term policies https //docs flare io/policies to ignore certain github authors and projects adjust severity, tags, and notes of event the adjust this event option lets you quickly reassign the severity, add tags and notes to the event add to report you can also add a specific event to a report for more details about reports, see reports docid\ pm 4yn5q kvkwc76zwflo export events if needed, you can also export your events by clicking on the export events button the basic export includes the all metadata and a content preview exporting the full content of events greatly increases the size of the export sharing an event the share event option copies a shareable link to the event to your clipboard you can then send this link to a teammate directly, for example via slack or email when they open it, they are automatically routed to the correct tenant context, opening the event directly without requiring them to search for it or navigate through the feed manually follow these steps to share an event click on an event to open its details click on the actions menu and select share this will copy the link to your clipboard this is useful when you need to flag an event for review, escalate findings to another team member, or collaborate on a response anyone you share the link with will need access to your flare tenant to view the event related articles