Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.tryflare.ai/llms.txt

Use this file to discover all available pages before exploring further.

What is Flare

Flare connects to your cloud audit logs and uses AI to surface anomalous access patterns, privilege escalations, and unusual API behavior - ranked by severity and explained in plain English.

How it works

1

Connect your cloud

OAuth into GCP in under 60 seconds. Flare gets read-only access to your Cloud Audit Logs. Your logs stay in GCP - Flare never stores raw log data.
2

Flare analyzes your logs

Flare scans access patterns across your audit logs, compares against historical baselines, and surfaces anomalies ranked by severity (Critical, High, Medium, Low).
3

Investigate conversationally

Ask follow-up questions about any finding. Flare has full context from the analysis and can explain what happened, why it matters, and what to do next.

What Flare detects

Flare looks for patterns that traditional rule-based tools miss:
  • Privilege escalations - unexpected IAM policy changes, role grants, service account key creation
  • Unusual access patterns - API calls from new IP ranges, Tor exit nodes, unfamiliar user agents
  • Permission anomalies - spikes in PERMISSION_DENIED errors that suggest reconnaissance
  • Behavioral shifts - service accounts acting outside their normal patterns
  • First-seen activity - field values that have never appeared in your environment before

Key principles

Zero data retention

Your logs are analyzed in memory and never stored. Flare keeps only the anomaly findings, not the raw logs.

No ingestion fees

Unlike traditional SIEMs, Flare reads directly from your cloud provider. No log forwarding, no per-GB costs.

Plain English explanations

Every anomaly comes with a human-readable explanation of what happened and why it matters.

Historical baseline

Flare tracks what’s normal for your environment over time, so it can flag what’s genuinely new.

Supported cloud providers

ProviderStatusLog type
Google Cloud PlatformAvailableCloud Audit Logs (Admin Activity, Data Access, System Events)
Amazon Web ServicesComing soonCloudTrail
Microsoft AzureComing soonActivity Logs
You can also upload log files directly (JSON, CSV, or plain text) from any source.

Next steps

Quickstart

Get up and running in 5 minutes

Live demo

See Flare analyze a simulated privilege escalation attack