Liberty91 Documentation

Threat Clusters


Last updated 1 year ago

What is a threat cluster?

Threat Clusters are a logical grouping of Threat Actors, Malware families, Vulnerabilities and/or Keywords. You can find your threat clusters via the Workbench or the sidebar (you may have to scroll down).

How to create a threat cluster card

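You can create Threat Clusters by doing one (or more) of the following:

  • Manually creating a cluster
  • Creating clusters with the Excel spreadsheet
  • Creating clusters with a .csv file
  • Creating Threat Clusters with the library wizard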

What is on a threat cluster card?

A Threat Cluster Card shows you all the events related to all the entities in that cluster. It is then able to do an overarching analysis over all those events, to give you a more strategic-level analysis.

  1. The Edit button, to edit the Cluster

  2. Update Description. This button is extremely useful. Note how the current description is very boring and generic. When you click the 'update description' button, Liberty91 reviews and analyzes all the events in your cluster, and then does an 'analysis-of-analyses' to provide you with a more strategic-level analysis at cluster level. Consider this updated, custom description

This was generated with a single click of a button. This is especially useful with evolving threats: if new events have occurred since you last updated the description, simply update it again, and it will consider all those new events. Gone are the days of outdated Threat Cards at vendor portals or in open source.

  3. Events. You can find all related events ordered chronologically here, complete with relevant tags.

  4. Threat Library Links. These show all the entities related to your Threat Cluster.

Under your Threat Library Links, you will find an option to bulk-add keywords. Liberty91 works with relatively complex regexes to act as a first filter. Those regexes are based on the keywords you provide. For example: if you have a cluster for 'The Netherlands', then you may want to also monitor for the keyword 'Holland'. Just provide that in the 'bulk add keywords' box to create them, without ever having to type any regex yourself.

  5. The criticality you have set for this Threat Cluster.

  6. The classification. This can be Threat (which makes it a Threat Cluster), or Asset, Attack-Surface, Supply Chain, Data, People, Company, Region, Sector or Other (which make it a Company Cluster). Company Clusters and Threat Clusters are logically the same; they just cover different 'things' as they relate to your security posture. This difference is important both for the AI (it needs to understand how to interpret your assets vs your threats) and to keep the User Interface friendly.

  7. Top Threat: if this cluster is a Top Threat, this would say 'yes'.

  8. Delete. Bored of your Threat Cluster, or it's not relevant to you anymore? Simply delete it. This will also delete associated keywords, but will keep the Threat Actors, Malware and Vulnerabilities in your library.
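
The keyword-based regex first filter described under Threat Library Links, sketched as an added example: this is not Liberty91's own code, and the function names, the matching rules (literal escaping, case-insensitivity, whole-word anchoring) and the sample clusters and events are assumptions made for illustration.

```python
import re

# Constructed sample data: cluster names and keywords are illustrative only.
CLUSTER_KEYWORDS = {
    "The Netherlands": ["The Netherlands", "Holland"],
    "Australia": ["Australia", "down under"],
}

def keyword_to_pattern(keyword):
    """Escape one keyword so it is matched literally, never as regex syntax."""
    # re.escape stops a keyword such as 'a.b' or '(x+)+' from widening the
    # match or causing catastrophic backtracking in the generated pattern.
    words = [re.escape(w) for w in keyword.split()]
    # Assumption: words of a multi-word keyword may be joined by any
    # run of whitespace or hyphens ('down under', 'down-under').
    return r"[\s\-]+".join(words)

def build_cluster_regex(keywords):
    """Compile one case-insensitive, whole-word alternation for a cluster."""
    parts = sorted({keyword_to_pattern(k) for k in keywords if k.strip()},
                   key=len, reverse=True)  # longest alternative first
    if not parts:
        return None  # an empty alternation would match every event
    # Lookarounds instead of \b so keywords ending in punctuation still anchor.
    return re.compile(r"(?<!\w)(?:%s)(?!\w)" % "|".join(parts), re.IGNORECASE)

def first_filter(event_text, cluster_regexes):
    """Return the sorted names of clusters whose regex matches the event."""
    return sorted(name for name, rx in cluster_regexes.items()
                  if rx is not None and rx.search(event_text))

CLUSTER_REGEXES = {name: build_cluster_regex(kws)
                   for name, kws in CLUSTER_KEYWORDS.items()}

# Constructed sample events (not real Liberty91 data).
SAMPLE_EVENTS = [
    "Ransomware crew lists a logistics firm in HOLLAND on its leak site",
    "Phishing wave targets banks down  under and in the netherlands",
    "Hollander Corp publishes routine patch notes",
]

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(first_filter(event, CLUSTER_REGEXES), "<-", event)
```

The third sample event shows why whole-word anchoring matters for a first filter: 'Hollander' contains the keyword 'Holland' but is not tagged to the cluster.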

Examples of Threat Clusters
A typical Threat Cluster in Liberty91
In this example, 'down under' keywords would be generated in the Australia cluster.