Flare Executive and VIP Monitoring

the following documentation will help your team to understand the best way to build identifiers that allow you to monitor for threat exposures impacting senior executives and other vips affiliated with your organization monitoring for credentials oftentimes when an identifier is created for an entire organization’s domain, it can be easy to miss certain emails that are related to more high priority accounts such as a ceo, cfo, coo or cto additionally, senior executives often have several email addresses personal, other business affiliations, or otherwise that are valuable to monitor to fix this, we recommend setting an identifier for an executive’s exact credential and setting an alert for this this can be done by choosing an email identifier and setting an alert to your preferred method of communication to reduce noise, it is recommended that you only select the leaked credentials and infected device categories monitoring for personally identifiable information (pii) threat actors, trolls, and com kids are notorious for an activity known as doxing doxing is taking all personal information about an individual and personal information about their family members to post on a website for everyone to see a dox can be malicious and create potential physical threats to an individual and their family members to better help monitor for potential dox information, you can utilize flare by adding your personal information which we can monitor for popular doxing sources you can use the keyword or query identifier and enter in any of the following information address social insurance number family member names social media account handles or urls bin numbers additional notes if using a query, it is imperative to add “ ” around your query in this instance for example “1234567” for a sin or “143 fun street” if configuring pii as an identifier in the flare platform is a privacy concern, you can use partial information for example, the last few digits of a social security number or a portion of an address when using partial information, it will reduce noise by using a query that includes a first and last name as well as so “first last name” and “fun street” monitoring for threats and violence in chats, forums and message boards searching for just a name across various sources can sometimes yield broad or unrelated results, particularly if the name is common to better identify relevant events, such as potential threats or violent mentions directed at you, consider combining your name with specific keywords using a query identifier can help structure these searches effectively below are examples of query types you can use direct violence or threats "first name last name" and "company name" and ("murder" or "attack" or "shoot" or "stab" or "hurt") weapons or tools of violence "first last" and "company name" and ("gun" or "knife" or "bomb" or "explosive" or "bullet") aggressive phrasing or ideation "first last" and "company name" and ("die" or "death" or "terminate" or "end life") mental states or indicators "first last" and "company name" and ("revenge" or "payback" or "retaliate") online behavior indicators "first last" and "company name" and ("dox" or "swat" or "manifesto" or "kidnap") communication cues "first last" and "company name" and ("you’re dead" or "coming for you" or "next victim") emerging sources when configuring identifiers for executive and vip protection, consider emerging sources categories in addition to flare’s primary exposure categories the flare research and collection teams are constantly adding certain datasets and sources previously not covered by the flare platform, addressing visibility gaps, and enhancing data coverage see here https //docs flare io/emerging source for more information