Global Search
Overview

Global Search allows you to query Flare's data for events and information not directly associated with your configured tenants or identifiers.

Flare's database contains close to 20 billion leaked credentials, giving you unparalleled access to one of the largest collections of compromised data in the industry. This comprehensive coverage helps you identify potential threats and breaches beyond your organization's direct footprint, empowering you to take proactive security measures.

Access to Global Search depends on your Flare license. For more information, please reach out to your Customer Success Manager (CSM).

With access to Global Search, you can:
• Search across all public leaked credentials in Flare's dataset
• Instantly surface credentials, and other signals
• Use precise filters to refine results for targeted investigations

What event categories can you search?

Global Search queries target specific Flare data categories:
• Illicit Networks: Includes data from dark web forums, marketplaces, Telegram, and more.
• Leaked Credentials: Encompasses credentials found in various breaches and leaks.

Event categories such as Open Source Intelligence, Look Alike Domains, and other emerging sources typically require configured identifiers and are not included within the scope of Global Search.

How do I access Global Search?

If Global Search is included in your license, it can be accessed through the following methods within the Flare platform:
• In Events: Utilize this view to correlate general events with leaked credentials or to pivot from an event to gain broader contextual understanding.
• In Credential Browser: Directly query Flare's extensive leaked credential dataset using keywords, specific filters, and advanced search options.
• Via the API: For programmatic access and integration, refer to the Flare API documentation for details on relevant endpoints.

How does it work?
When you perform a search, Flare scans its entire dataset of publicly exposed credentials, identity patterns, and breach data. You can refine your results using advanced filters such as:
• Username
• Domain
• Password
• Exposure source
• Date range
• And more…

Each Global Search, whether initiated via the UI or API, returns up to a certain number of results. By default, unfiltered searches retrieve the most recent matching events from the Flare database.

Depending on your subscription plan, your access to Global Search may include a limited number of monthly searches. Please reach out to your Customer Success Manager (CSM) for options on upgrading or adding search credits.

Tips on getting started

Global Search in Events

Select what matters:
• Markets: This will search seven years of archived dark web markets data. Dark web markets are defined as marketplaces active on Tor with automated purchasing.
• Forums: This will search across seven years of archived dark web forum data, including top cybercrime forums such as Exploit and XSS.
• Profiles: This option searches for specific threat actor profiles (please note it excludes Telegram actors and users).
• Chats: Chats is our Telegram functionality and searches more than 4,500 channels focused on fraud, cybercrime, identity theft, SIM swapping, and more. Flare continually updates our Telegram coverage, and channels are archived as soon as we begin covering them.
• Ransom Leaks: Flare automatically collects from more than 50 ransomware blogs where ransomware groups routinely publish data from ransomware victims who didn't pay. We automatically parse archived files, and identify specific file names that may contain your organization's name.
• Infected Devices: This search option includes more than 21,000,000 stealer logs that Flare has collected and will search for domains or keywords found in those stealer logs. Infostealer malware infects victims' computers and steals all credentials saved in a browser. Typically we recommend searching domains for
this option.

Using Lucene query syntax:
• Use "" to only show exact matches.
• Use AND, OR and () for more complex queries. They allow you to identify events that have multiple specific terms in them, but may be separated.

Global Search in the Credentials Browser

Search types

When using the Credentials Browser, you can run searches across various categories to efficiently narrow down your results and identify potential risks. Each category serves a unique purpose, allowing you to focus on specific identifiers or attributes to pinpoint leaked credentials. Below is an overview of the available search types and their functionalities.

Domain of Email
Search by entering a domain (e.g., example.com) to find credentials associated with that domain in Flare's leaks database.
Use case: Ideal for investigating whether an organization's domain has been compromised, helping identify leaked credentials tied to the company's digital assets.

Reverse Domain (in Global Search only)
Allows you to search for subdomains using an autocomplete feature by reversing the order of the domain (e.g., entering com.google will display a dropdown of related subdomains like accounts.google.com).
Use case: Useful for quickly discovering credentials associated with specific subdomains, especially when dealing with large, complex domain structures.

Email
Search in Flare's leaks database for an exact email address (e.g., user@example.com) to find any leaked credentials linked to that specific email.
Note: When searching using the Email type, you can also search for a specific password (this would be an exact match search).
Use case: Best for checking if individual email addresses within an organization have been compromised, enabling targeted remediation.

Username
Search for an exact username to locate credentials tied to that username in Flare's leaks database.
Note: When searching using the Username type, you can also search for a specific password (this would be an exact match search).
Use case: Search by username is
especially useful if the username is reused across sensitive systems, or to investigate targeted attacks.

Password
Search in Flare's leaks database for a specific password you know to see if it appears in any leaks.
Use case: Search by password to detect compromised accounts or, for incident response support, verify whether an attacker used passwords that were previously leaked.

URL
Search in Flare's leaks database by entering a specific URL (e.g., login.example.com) to identify credentials that have been compromised for a particular service or endpoint.
Use case: This is particularly helpful when assessing the risk of leaked credentials tied to critical web applications.

For more information on other use cases, you can consult the dedicated section for Credential Browser use cases.

FAQs

Q: What is the difference between Global Search and the Tenant Feed view?

| Feature | Tenant Feed View | Global Search View |
| --- | --- | --- |
| Scope | Limited to your tenant | All available data sources across all the Flare leaks database |
| Depth | Limited to 10k credentials per single leak | All credentials across all the Flare leaks |
| Use case | Tenant specific monitoring | Broad, cross tenant investigations |
| Filtering | Date range, identifier scope, password policy, source type | Password policy, source, type, etc. |
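
The query-syntax tips and the Reverse Domain search type described above can be scripted when you maintain a list of your own hostnames. The following is an added example, not Flare's code or API: all function names and sample values are hypothetical, and it assumes Flare accepts standard Lucene escaping of `\` and `"` inside quoted phrases.

```python
# Added example: builds search strings for your own organisation's hostnames.
# Function names and sample data are constructed, not part of Flare.

def phrase(term: str) -> str:
    # Quote a term for an exact match. Backslash and double quote are escaped
    # as in standard Lucene; that Flare honours these escapes is an assumption.
    cleaned = term.strip()
    if not cleaned:
        raise ValueError("empty search term")
    return '"' + cleaned.replace("\\", "\\\\").replace('"', '\\"') + '"'


def any_of(terms) -> str:
    # OR exact-match terms together, parenthesised so the group can be nested.
    unique = list(dict.fromkeys(t.strip() for t in terms if t.strip()))
    if not unique:
        raise ValueError("no search terms")
    joined = " OR ".join(phrase(t) for t in unique)
    return joined if len(unique) == 1 else f"({joined})"


def all_of(*groups: str) -> str:
    # AND together groups built with phrase() or any_of().
    return " AND ".join(groups)


def reverse_domain(host: str) -> str:
    # Reverse the label order: accounts.google.com -> com.google.accounts
    labels = host.strip().rstrip(".").lower().split(".")
    if any(not label for label in labels):
        raise ValueError(f"malformed hostname: {host!r}")
    return ".".join(reversed(labels))


def build_query(hosts, keywords) -> str:
    # Events where any of our hostnames appears together with any keyword.
    return all_of(any_of(hosts), any_of(keywords))


def reversed_hosts(hosts):
    # Sorted reversed names list each subdomain right after its parent domain.
    return sorted({reverse_domain(h) for h in hosts})


# Constructed sample input: an organisation's own hostnames and two keywords.
OWN_HOSTS = ["example.com", "login.example.com", "example.com "]
KEYWORDS = ["vpn", "remote access"]

if __name__ == "__main__":
    print(build_query(OWN_HOSTS, KEYWORDS))
    print(reversed_hosts(OWN_HOSTS))
```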