Understand Event Severity
Every Activity in Flare is given a Severity based on our analysis of its content. For example, Activities containing personal information or login credentials will have a higher Severity. We are constantly working to refine our measuring methods, so the Severity is not always a perfect representation of the risk level of an individual Event. Instead, it is meant as a way to prioritize Events as a whole.
When defining an Identifier, the severity is used to eliminate any events that have a severity level lower than a specific threshold. To update your current settings, browse to the Identifiers page, edit each one, and set the desired threshold. We recommend keeping the threshold low for identifiers that generally produce high-quality results, such as looking for a domain name on the dark web, and increasing the threshold for noisier items, such as a common brand name on GitHub.
Similarly, it is possible to change the severity threshold for search results or when viewing feeds to expand or narrow the results based on severity.
Details on the severity process are described in the various source pages.
⬤ INFO Validated not-sensitive
Ex. Domain Lists
⬤ LOW Public information
Ex. GitHub content, pastes
⬤ MEDIUM Potentially sensitive based on source or query
Ex. Illicit network mentions, GitHub secrets, Google dorks
⬤ HIGH Potential leaked data or threat identified
Ex. PII, config files, credentials (Leaked Data)
⬤ CRITICAL Potential serious leaked data or threat identified
When using some Integrations (or when using Flare's API), scoring might be communicated with a numerical value instead of the labels listed above. The following list details the numerical values you may receive and their corresponding severities:
1 = ⬤ INFO
2 = ⬤ LOW
3 = ⬤ MEDIUM
4 = ⬤ HIGH
5 = ⬤ CRITICAL
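As an added example (not Flare's own code), the following Python normalizes a severity received either as a number or as a label and applies per-identifier thresholds as described above, setting aside events whose severity cannot be parsed instead of dropping them. The event field names, identifier names and sample events are assumptions constructed for illustration, not Flare's API schema.

```python
# Added example: field names ("id", "identifier", "severity") are assumed,
# not taken from Flare's API schema. Sample data below is constructed.
SEVERITY_LABELS = ("INFO", "LOW", "MEDIUM", "HIGH", "CRITICAL")  # numeric 1..5


def normalize_severity(value):
    """Return the 1-5 rank for a numeric value (int or digit string) or a label."""
    text = str(value).strip()
    if text.isascii() and text.isdigit():
        rank = int(text)
    elif text.upper() in SEVERITY_LABELS:
        rank = SEVERITY_LABELS.index(text.upper()) + 1
    else:
        raise ValueError(f"unrecognized severity: {value!r}")
    if not 1 <= rank <= 5:
        raise ValueError(f"severity out of range: {value!r}")
    return rank


def filter_events(events, thresholds, default_threshold="INFO"):
    """Keep events at or above their identifier's threshold, highest first.

    Events whose severity is missing or unparseable are returned separately
    so that they can be reviewed rather than silently discarded.
    """
    kept, unparsed = [], []
    for event in events:
        try:
            rank = normalize_severity(event["severity"])
        except (KeyError, ValueError):
            unparsed.append(event)
            continue
        minimum = normalize_severity(
            thresholds.get(event.get("identifier"), default_threshold))
        if rank >= minimum:
            kept.append({**event, "severity": rank,
                         "severity_label": SEVERITY_LABELS[rank - 1]})
    kept.sort(key=lambda e: e["severity"], reverse=True)
    return kept, unparsed


# Constructed sample: a quiet identifier with a low threshold, a noisy one with a high threshold.
SAMPLE_THRESHOLDS = {"example.com": "LOW", "brand-name": "HIGH"}
SAMPLE_EVENTS = [
    {"id": "a", "identifier": "example.com", "severity": 2},
    {"id": "b", "identifier": "brand-name", "severity": "LOW"},
    {"id": "c", "identifier": "brand-name", "severity": "4"},
    {"id": "d", "identifier": "example.com", "severity": "critical"},
    {"id": "e", "identifier": "brand-name", "severity": 9},
]
```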