Liberty91 Documentation
The Threat Library

Keywords


Last updated 1 year ago

Keywords are a first filter to determine whether an Event is relevant to you. For every Company Cluster you create, Liberty91 creates dozens of complex, security-specific keywords that do a lot of the monitoring for you. You don't have to worry about them at all. Just know they exist. You can view them under the 'Keywords' menu in the sidebar (you may have to scroll down a little bit).

Keywords have a description and a value (often a regex). The value is what is used for the monitoring, and the description is what you will see in the 'tag' on your dashboards. If any of those keywords is too noisy, you can simply delete it here as well.

Be careful with acronyms or high-frequency, generic keywords. A set of keywords around 'google', for example, is likely going to be very noisy.

Keywords pop up on your dashboards and in your morning reports if they match an event. They show as grey tags, which let you know that these assets are mentioned, and in what context.

In any cluster, you can bulk-create more of those complex regexes by just providing a keyword. For example: if you have a region cluster for 'The Netherlands', you may want to add 'Holland' keywords as well. This makes sure you capture all events that mention the country in a security context.
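A sketch of how one keyword could be expanded into several context-aware regexes, and why the bare keyword alone is noisy. This is an added example, not Liberty91's code or its actual regexes; the security-term list, the six-word window and the function names are assumptions, and the event titles are constructed.

```python
import re

# Assumed security vocabulary (word stems); the product's real term list is not documented here.
SECURITY_STEMS = ["breach", "ransomware", "vulnerabilit", "exploit", "phishing", "malware", "attack"]

def keyword_core(keyword):
    """Escape the keyword; allow any whitespace or hyphen between its words."""
    return r"\b" + r"[\s\-]+".join(re.escape(w) for w in keyword.split()) + r"\b"

def build_context_regexes(keyword, window=6):
    """Expand one keyword into regexes that need a security stem within `window` words."""
    kw = keyword_core(keyword)
    gap = r"(?:\W+\w+){0,%d}?\W+" % window   # up to `window` intervening words
    patterns = []
    for stem in SECURITY_STEMS:
        term = r"\b" + stem + r"\w*"
        patterns.append(re.compile(kw + gap + term, re.IGNORECASE))   # keyword ... term
        patterns.append(re.compile(term + gap + kw, re.IGNORECASE))   # term ... keyword
    return patterns

def triage(events, keyword):
    """Return (bare_hits, context_hits): events matched by the plain keyword vs. in context."""
    bare = re.compile(keyword_core(keyword), re.IGNORECASE)
    context = build_context_regexes(keyword)
    bare_hits = [e for e in events if bare.search(e)]
    context_hits = [e for e in bare_hits if any(p.search(e) for p in context)]
    return bare_hits, context_hits

# Constructed sample event titles, not real feed data.
EVENTS = [
    "Ransomware group claims attack on port operator in Holland",
    "Holland tulip season opens early this year",
    "Phishing campaign targets Holland-based banks",
    "Holland America Line announces new cruise routes",
    "Data breach down under: telecom customers exposed",
]

if __name__ == "__main__":
    for kw in ("Holland", "down under"):
        bare_hits, context_hits = triage(EVENTS, kw)
        print(f"{kw!r}: {len(bare_hits)} bare matches, {len(context_hits)} in security context")
        for e in context_hits:
            print("  tag:", e)
```

When tuning a noisy keyword, compare the two hit lists: events that appear only in the bare list are the ones a generic keyword would have tagged without any security relevance.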

Figure: Having hundreds of complex regex keywords is not uncommon.
Figure: Although not obvious from the title, this event talks about WordPress and FileZilla in a security context.
Figure: This action will add approx. 26 complex regexes around the keyword 'down under' to the Australia cluster.