Understand Event Severity

every activity in flare is given a severity , based on our analysis of the content for example, activities containing personal information or login credentials will have a higher severity we are constantly working to refine our measuring methods so the severity is not always a perfect representation of the risk level for an individual event instead, it is meant as a way to prioritize events as a whole when defining an identifier, the severity is used to eliminate any events that have a severity level lower than a specific threshold to update your current settings, browse to the identifiers page, edit each one, and set the desired threshold we recommend keeping the threshold low for identifiers that generally produce high quality results, such as looking for a domain name on the dark web, and increasing the threshold for more noisy items, such as a common brand name on github similarly, it is possible to change the severity threshold for search results or when viewing feeds to expand or narrow the results based on severity details on the severity process are described in the various source pages severity descriptions ⬤ ⬤ info validated not sensitive ex domain lists ⬤ ⬤ low public information ex github content, pastes ⬤ ⬤ medium potentially sensitive based on source or query ex illicit network mentions, github secrets, google dorks ⬤ ⬤ high potential leaked data or threat identified ex pii, config files, credentials (leaked data) ⬤ ⬤ critical potential serious leaked data or threat identified scoring and integrations when using some integrations (or when using flare's api), scoring might be communicated with a numerical value instead of the labels listed above the following list details the numerical values you may receive and their corresponding severities 1 = ⬤ ⬤ info 2 = ⬤ ⬤ low 3 = ⬤ ⬤ medium 4 = ⬤ ⬤ high 5 = ⬤ ⬤ critical related articles