Documentation Index
Fetch the complete documentation index at: https://docs.tryflare.ai/llms.txt
Use this file to discover all available pages before exploring further.
FAQ
Does Flare store my logs?
Does Flare store my logs?
No. Your logs are analyzed in memory and discarded immediately. Flare stores only the analysis results - anomaly findings, scores, and explanations - not the raw log data. Source log evidence (1-5 log entries per anomaly) is stored to support investigation, but the full log set is never retained.
What permissions does Flare need?
What permissions does Flare need?
For GCP, Flare requires only
roles/logging.viewer (read-only access to Cloud Logging). This allows Flare to read audit log entries but not modify any GCP resources. See GCP Connector for details.How many analyses can I run per day?
How many analyses can I run per day?
During the open beta, each account can run 10 manual analyses per day. The counter resets at midnight UTC. Scheduled runs do not count against this limit.
Is there a file size limit for uploads?
Is there a file size limit for uploads?
Yes, uploaded files are limited to 2 MB. For larger log sets, filter your export to a specific time window or log type before uploading. See File Upload for tips.
How does Flare decide what's anomalous?
How does Flare decide what's anomalous?
Flare combines AI analysis with statistical baselines. It tracks field values across your analyses over time (what IP addresses, service accounts, API methods are normal for your environment) and flags values that are new, unusually frequent, or appear in suspicious patterns. Each finding is scored 0-100 based on how far it deviates from your baseline.
What does 'First Seen' mean?
What does 'First Seen' mean?
A “First Seen” badge means the flagged value (e.g., a specific IP address or service account) has never appeared in any previous analysis for this project. It’s a strong signal that something genuinely new is happening. The First Seen system gets more accurate with each analysis you run.
Can I use Flare without connecting a cloud provider?
Can I use Flare without connecting a cloud provider?
Yes. You can upload log files directly in JSON, NDJSON, CSV, or plain text format. Connecting a cloud provider enables live log fetching and scheduled runs, but file upload works without any connector setup.
What happens if my GCP connection expires?
What happens if my GCP connection expires?
If your OAuth token is revoked or expires, Flare marks the connector as “Expired” and pauses any active schedules. Your analysis history is preserved. Go to Connectors and click Reconnect GCP to re-authenticate. See GCP Connector troubleshooting for common causes.
Which cloud providers are supported?
Which cloud providers are supported?
Currently, Flare supports Google Cloud Platform (Cloud Audit Logs). AWS CloudTrail and Azure Activity Logs are on the roadmap. You can analyze logs from any provider today by uploading them as files.
Is Flare free?
Is Flare free?
Flare is free during the open beta. Pricing details for Pro and Team tiers will be announced before the beta ends. There are no ingestion fees - Flare reads directly from your cloud provider.
How is Flare different from a SIEM?
How is Flare different from a SIEM?
Traditional SIEMs (Splunk, Elastic, etc.) require you to forward and store logs, write detection rules, and pay per GB of data ingested. Flare reads your logs in place, uses AI instead of rules, and charges nothing for data volume. Flare is purpose-built for anomaly detection in cloud audit logs - it’s not a general-purpose log management platform.
Can I delete my data?
Can I delete my data?
Yes. You can delete individual analyses from the Analyses page. Disconnecting a connector removes the stored OAuth tokens. To delete your account entirely, contact support.