Flare connects to your GCP Audit Logs and uses Claude AI to surface anomalous patterns — unusual IPs, privilege escalations, permission spikes — ranked by severity, explained in plain English.
SetIamPolicy was called 847 times in this window vs. a baseline of 3/day. A single service account granted Owner access to 12 production projects at 2:14 AM.
Source IP is a known Tor exit node (Proofpoint dataset). First appearance in 90-day history. All 23 API calls succeeded — no PERMISSION_DENIED responses.
PERMISSION_DENIED errors spiked to 340 in 15 minutes, 98× the daily average of 3.5. This suggests automated credential stuffing or a misconfigured service account.
How it works
Link GCP Audit Logs via OAuth in under 60 seconds. No service account JSON keys, no manual configuration.
Our AI reads your audit log patterns and surfaces the fields and values that don't fit — ranked by severity.
Chat with Flare directly about any anomaly. "Why is this suspicious?" "What should I check next?"
Built different
No static rules. No thresholds to tune. Claude understands context — rare IPs, odd timing, unusual operations.
GCP Audit Logs native today. AWS CloudTrail and Azure Activity Logs coming soon.
Every anomaly comes with a clear explanation. Not just a score — a story you can act on.
Ask questions about any finding. Flare remembers the full analysis context across your conversation.
Your log data is analyzed in transit and never stored on our servers. Results only.
Anomalies scored 0-100 with critical/high/medium/low tiers. Know exactly where to look first.
Join the beta. Connect your GCP project and get your first anomaly report in under 2 minutes.
Start free beta → No credit card · GCP, AWS, Azure