Leaked Credentials Events
What are leaked credential events?

As Flare collects data from various sources, user credentials are continuously extracted from ingested documents and indexed in two places: the Event Categories and the Credentials Browser. Any leaked credentials that match your configured identifiers are automatically added to your tenant feed, enabling you to actively monitor for exposures directly affecting your organization.

How they work

Each newly detected credential that matches your identifiers appears as its own individual card in the events feed as soon as it is detected. Newly detected credentials appear instantly in both the tenant feed and the Credentials Browser. The number of leaked credential events in your tenant feed will always match the count shown in the Credentials Browser and the dashboard.

Leaked credentials event categories

Credential events are grouped into four categories based on their validation status:

| Event category | Description |
| --- | --- |
| All credentials | All leaked credentials discovered by Flare |
| Valid credentials (coming soon) | Credentials confirmed to have a correct leaked password |
| Invalid credentials (coming soon) | Credentials confirmed to have an incorrect leaked password |
| Mitigated credentials (coming soon) | Credentials confirmed to have a correct password, but where mitigation actions have since been taken |

You can create alerts in Alert Central based on specific event categories, allowing your team to prioritize and respond to confirmed active exposures more efficiently.

Remediating and ignoring events

Remediation and ignore statuses for events are synchronized between the tenant feed and the Credentials Browser. Remediating a leaked credential event in the feed will remediate the corresponding credential pair in the Credentials Browser, and vice versa. Remediating a credential pair will also automatically remediate future credentials with the same username/password combination. Ignoring a leaked credential will ignore all credential pairs associated with the same email address or username.

Alerts

Even though leaked credential events appear in the tenant feed instantly, alerts are triggered on an hourly cadence, even when configured to send as soon as possible. Each alert message includes all individual events added to the feed during that time window. Alerts never include password values, regardless of tenant permissions. This applies to email alerts and all other notification channel types.

Searching leaked credentials in Global Search

Searching for leaked credentials in Global Search generates a grouped card for results. Note that Global Search results are capped at 1,000 credentials per card. For broader searches without this limitation, use the Credentials Browser, which supports unrestricted searching and exploration of leaked credentials.