Keywords

Keywords are a first filter to determine if an Event is relevant for you. For every Company Cluster you create, Liberty91 creates dozens of complex, security specific regex keywords that do a lot of the monitoring for you. You don't have to worry about them at all. Just know they exist. You can view them under the 'Keywords' menu in the sidebar (you may have to scroll down a little bit).

having hundreds of complex regex keywords is not uncommon

Keywords have a description and a value (often a regex). The value is what is used for the monitoring, and the description is what you will see in the 'tag' on your dashboards. If any of those keywords is too noisy, you can simply delete it here as well.

Be careful with acronyms or high-frequency, generic keywords. a set of keywords around 'google', for example is likely going to be very noisy.

Keywords pop-up on your dashboards and in your morning reports if they match with an event. They show as grey tags, which lets you know that these assets are mentioned, and in what context.

although not obvious from the title, this event talks about WordPress and FileZilla in a security context

In any cluster, you can bulk-create more of those complex regexes, by just providing a keyword. For example: if you have a region-cluster for 'The Netherlands', you may want to add 'Holland'-keywords as well. This makes sure you capture all events that mention the country in a security context.

this action will add approx. 26 complex regexes around the keyword 'down under' to the Australia cluster

PreviousVulnerabilities

Last updated