Events

flare collects events containing relevant information for you based on the identifiers you create these can be viewed as a feed at the events page , or by selecting the events tab in the navigation bar every time you visit an event feed, a report will be generated on the right side of the screen that shows a summary of the data we've collected for the feed you're viewing (if you are on the main events page , it will be a summary of data collected for all your identifiers) the "last 30 days" drop down lets you toggle between different views for the events volume graph only they will not affect the totals in the most active actors and most active sources lists, or the categories and severity scores graphs event actions in the top right corner of each event card there are buttons for various actions, including "mark as remediated", "ignore this event", "edit score", and "add to report" with the show filter under the search bar you are able to filter the current feed to show all events that have been marked as remediated , ignored , have had their score edited (labelled edited score ), or have had no changes made to them (labelled as normal ) mark as remediated if you've taken action to address a specific event, you can mark the event as remediated so that it is hidden from the feed you can always restore visibility of remediated activities by choosing the remediated option from the show filter below flare's search bar ignoring events the ignore this event option allows you to exclude the activity from your feeds you can always restore visibility of ignored activities by choosing the ignored option from the show filter below flare's search bar the same event should not reappear in either of these cases if you see a new event with matching credentials or additional matching then something is new from the event to trigger it to have reappeared in the event feed this varies a bit by category as i have broken down below leaked credentials / infected devices (stealer logs) when you see an old matched credential reappearing, it could be for any of the following reasons a new source has posted (recycled) the original credential a change was made to the file or credential which treats the discovery as a new event it is important to note that when you ignore a credential in the credential browser, it should also ignore all future iterations of the user's leaked credentials open web when you see github events reappearing, it is due to changes within the github repository we are querying the entire page again which includes the changes and the parts that remained the same this leads to other parts of the repository changing and the section including your identifier to remain the same and appear again in the case of github, you can utilize ignore term policies to ignore certain github authors and projects edit score the edit the severity score of this event option lets you quickly reassign the risk score of the event add to report you can also add a specific event to a report for more details about reports, see the reports section of our documentation export events if needed, you can also export your event result by clicking on the ‘export events’ button the basic export includes the all metadata and a content preview exporting the full content of events greatly increases the size of the export related articles