Event Cards
Every Event has its own event card. But what can you find there?
Last updated
Every Event has its own event card. But what can you find there?
Last updated
Event Cards show the content of the Event, as well as an alaysis and some metadata:
A link back to the Recent Threat Dasboard
The name of the source
The timestamp of the event
A custom analysis of the event, contextualized to your organization
A delete-button. This will remove the event from your Liberty91 Instance
A button to push the event to MISP. You need to turn this on in the .
A link to the source of the event
A share-button to share this event on your socials, or paste it in a note-taking app like Notion
Links to entities in the Threat Library. Liberty91 automatically associates relevant events with the entities in your threat library.
Click on this 'x' to remove this event from this Threat Card.
These dropdowns allow you to link this event to any entity in your Threat Library. Events are then also added to Threat Clusters automatically, through inheritance. For example: an event that's linked to Threat Actor 'Fancy Bear' will also show up under Threat Cluster 'Threats from Russia', if Fancy Bear is part of that Threat Cluster in your Threat Library.
Suggested Threat Cards. These are Threat Cards not yet present in your Threat Library, but are mentioned in the text of this article or event. If you click on them, Liberty91 will automatically create a card, collect all relevant sources and write a description for you.
Liberty91 automatically checks for any mentions of any of your Threats or Company Clusters, and links them for you. This means that you can find this event under the relevant threat cards, but you can also see the links in the Event Card on the side panel on the right. (or below on the app). In this case, the Threat Actor 'MuddyWater' was mentioned in the article.
Liberty91 does two cool things. It does a custom analysis for you, and it suggests new threat cards for in your library.
In many cases, Liberty91 will have already analyzed the event for you. This is an analysis of the event, contextualized to your organization. If the analysis has not been generated yet, you can click on the purple button to generate one.
If you don't like the analysis for some reason, or if you have added new threat cards after the analysis was generated, you can click on the purple 'redo analysis' button, and it will consider your new threat cards as well, while re-analyzing the event.
Click on the 'edit' button in the Threat Library side panel to make changes manually. You don't really need to go here though; most changes can be made straight from the Event Card.
You can link threat entities in bulk to your threat card:
Suggested Threat Cards (12) are threat actors, malware families or vulnerabilities found in the text by Liberty91, that don't yet exist in your . If, based on this new event, you want to start tracking any of these, you can simply click on the ones you want. This will generate a new threat card for you in your Threat Library, with a description based on the events Liberty91 finds related to it.
Choose any you want to link to this event. Hold the control-button (command on mac) to select multiple threat actors.
Choose any you want to link to this event. Hold the control-button (command on mac) to select multiple malware families.
Choose any you want to link to this event. Hold the control-button (command on mac) to select multiple vulnerabilities.
Change the criticality of this event. is inherited from the most critical entity linked to this event, but you can manually change it here.