Now in beta · GCP Audit Logs

Your cloud logs are hiding something.
Flare finds it first.

Connects to GCP Audit Logs and surfaces anomalous patterns: unusual IPs, privilege escalations, permission spikes.

prod-gcp-audit · Dec 14 2024 · 03:15 UTC
complete
3 anomalies detected · 14,832 logs analyzed
#1 protoPayload.methodName: SetIamPolicy
Critical · 97

SetIamPolicy called 847× in this window vs. baseline of 3/day. A service account granted Owner access to 12 production projects at 2:14 AM.

Baseline: 0.4% of events
Observed: 67% of events
#2 httpRequest.remoteIp: 185.220.101.47
Critical · 91

Known Tor exit node (Proofpoint dataset). First appearance in 90-day history. All 23 API calls succeeded.

Baseline: Never seen
Observed: 23 calls
#3 protoPayload.status.code: PERMISSION_DENIED
High · 76

340 PERMISSION_DENIED errors in 15 min · 98× the daily average. Consistent with automated credential stuffing.

Baseline: 0.1% of events
Observed: 12% of events
Ask Flare: "Why is SetIamPolicy anomalous?"
How it works

From connected to findings in minutes

01 · Connect your cloud

OAuth to GCP in under 60 seconds. No service account JSON, no manual configuration, no infra to run.

02 · Flare analyzes your logs

Flare scans your audit log patterns and surfaces what doesn't fit. Ranked by severity, explained in plain English.

03 · Investigate conversationally

Ask follow-up questions about any finding. "Why is this suspicious?" "What should I check next?" Flare remembers the full context.

A different model

No ingestion fees. Ever.

Traditional SIEMs charge by how much data you have. Flare charges by what you learn from it.

Traditional SIEMs

  • Ingest and store all your logs
  • Charge per GB ingested, forever
  • Your data lives on their servers
  • Compliance scope includes raw logs
  • Bills grow as your cloud grows

Flare

  • Logs stay in your GCP project
  • Flare analyzes them. Only findings are stored.
  • Your raw data never touches our servers
  • Compliance scope dramatically smaller
  • Flat cost. Not tied to log volume.

Newer "no ingestion" entrants still require connecting to your existing SIEM stack and a complex federated setup. Flare takes 60 seconds. OAuth to GCP, done.

Built different

A completely different approach

LLM-first detection

No rules to write. No thresholds to tune. Flare understands context: rare IPs, odd timing, unusual operations.

Zero data retention

Your logs stay in GCP. We analyze on demand and store only findings. Never raw log data. Smaller compliance scope.

Ranked by impact

Every anomaly scored 0–100 with critical / high / medium / low tiers. Know exactly where to focus first.

Plain English, always

Not just a score. Every finding comes with a clear explanation you can act on or share.

Conversational follow-up

Chat with Flare about any anomaly. Context persists across your session and across page reloads.

No ingestion fees

Flat pricing. Not tied to log volume. Bills don't grow as your cloud grows.

Ready to get started?

Connect your GCP project. No credit card required.

GCP Audit Logs · No credit card · AWS & Azure coming soon