# Event Cards

<figure><img src="/files/gJThKj7M4wU4rT6sK4Oa" alt=""><figcaption><p>A typical Event Card</p></figcaption></figure>

Event Cards show the content of the Event, as well as an alaysis and some metadata:

1. A link back to the [Recent Threat Dasboard](/dashboards/recent-threats-dashboard.md)
2. The name of the source
3. The timestamp of the event
4. A [**custom analysis**](#custom-analysis) **of the event**, contextualized to your organization
5. A delete-button. This will remove the event from your Liberty91 Instance
6. A button to push the event to MISP. You need to turn this on in the [MISP Module](/modules/production-modules/the-misp-module.md).
7. A link to the source of the event
8. A share-button to share this event on your socials, or paste it in a note-taking app like Notion
9. [Links to entities in the Threat Library](#threat-library-and-company-cluster-links). Liberty91 automatically associates relevant events with the entities in your threat library.
10. Click on this 'x' to remove this event from this Threat Card.
11. These dropdowns allow you to **link this event to any entity in your Threat Library**. Events are then also added to Threat Clusters automatically, through inheritance. For example: an event that's linked to Threat Actor 'Fancy Bear' will also show up under Threat Cluster 'Threats from Russia', if Fancy Bear is part of that Threat Cluster in your Threat Library.
12. **Suggested Threat Cards**. These are Threat Cards not yet present in your Threat Library, but are mentioned in the text of this article or event. If you click on them, Liberty91 will automatically create a card, collect all relevant sources and write a description for you.

<figure><img src="/files/1kj9LqnRflHIFrQ2QHJh" alt="" width="375"><figcaption><p>Threat Library Links</p></figcaption></figure>

### Threat Library and Company Cluster Links

Liberty91 automatically checks for any mentions of any of your Threats or Company Clusters, and links them for you. This means that you can find this event under the relevant threat cards, but you can also see the links in the Event Card on the side panel on the right. (or below on the app). In this case, the Threat Actor 'MuddyWater' was mentioned in the article.

### Analysis & Suggestions

Liberty91 does two cool things. It does a custom analysis for you, and it suggests new threat cards for in your library.

#### Custom Analysis

In many cases, Liberty91 will have already analyzed the event for you. This is an analysis of the event, contextualized to your organization. If the analysis has not been generated yet, you can click on the purple button to generate one.&#x20;

<figure><img src="/files/E4hFWH8tL5Mms8JcAOv6" alt="" width="174"><figcaption><p>click on this button to generate an analysis</p></figcaption></figure>

If you don't like the analysis for some reason, or if you have added new threat cards *after* the analysis was generated, you can click on the purple 'redo analysis' button, and it will consider your new threat cards as well, while re-analyzing the event.

<figure><img src="/files/4dC1sxwlf3oqZkZOrmIx" alt="" width="321"><figcaption><p>Liberty91 analyses if and how this event is relevant to us</p></figcaption></figure>

#### Suggested Threat Cards

Suggested Threat Cards (12) are threat actors, malware families or vulnerabilities found in the text by Liberty91, that don't yet exist in your [Threat Library](https://docs.liberty91.com/the-threat-library/). If, based on this new event, you want to start tracking any of these, you can simply click on the ones you want. This will generate a new threat card for you in your Threat Library, with a description based on the events Liberty91 finds related to it.

### Making changes

Click on the 'edit' button in the Threat Library side panel to make changes manually. You don't really need to go here though; most changes can be made straight from the Event Card.

<figure><img src="/files/5z440wqd3dctbwbBkUQn" alt="" width="375"><figcaption><p>things you can change in a threat card</p></figcaption></figure>

You can **link threat entities in bulk** to your threat card:

12. Choose any [threat actors](/the-threat-library/threat-actors.md) you want to link to this event. Hold the control-button (command on mac) to select multiple threat actors.
13. Choose any [malware families](/the-threat-library/malware.md) you want to link to this event. Hold the control-button (command on mac) to select multiple malware families.
14. Choose any [vulnerabilities](/the-threat-library/vulnerabilities.md) you want to link to this event. Hold the control-button (command on mac) to select multiple vulnerabilities.
15. Change the criticality of this event. [Criticality](/what-is-liberty91/key-concepts.md#criticality) is inherited from the most critical entity linked to this event, but you can manually change it here.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.liberty91.com/dashboards/event-cards.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.