# Vulnerabilities

## What is a vulnerability card?

Vulnerabilities are the weaknesses in systems, exploited by [Threat Actors](/the-threat-library/threat-actors.md), often using [malware](/the-threat-library/malware.md). Tracking vulnerabilities is useful, especially if they are in systems and assets you are managing, because it helps prioritize vulnerability management programs. If you can easily track, for example, which vulnerabilities are actively exploited right now, in the wild, then that may help you provide some direction to what to patch first, and what can wait.

## How to create a vulnerability card

#### Creating Vulnerabilities in the workbench

* Go to the [Workbench](broken://spaces/56f9evYVURi6SAGI5JIC/pages/ZV5tojeCmpzTyFnhTt3n#the-workbench) in the sidebar ([go there now with this link](https://platform.liberty91.com/disco/workbench)) 
* Scroll down to 'Vulnerabilities'
* Type in the name or code of the Vulnerability you want to create, click on 'create'
* Wait a minute or two: Liberty91 is looking for relevant reporting and generating a custom description for your new Vulnerability
* Don't forget to tune its [criticality](/what-is-liberty91/key-concepts.md#criticality)

<figure><img src="/files/v9Pg2ygNS6HNX7xTtRYs" alt="" width="375"><figcaption><p>creating a new vulnerability in the workbench is easy</p></figcaption></figure>

#### Creating a Vulnerability in the Vulnerability Overview

1. Go to 'Vulnerabilities' under your Threat Library in the [sidebar](broken://spaces/56f9evYVURi6SAGI5JIC/pages/ZV5tojeCmpzTyFnhTt3n#the-sidebar). You may have to scroll down a bit.
2. The top-left card is green, and shows a plus-sign. Type in the name of your new vulnerability and click 'create'.
3. Wait a minute or two: Liberty91 is looking for relevant reporting and generating a custom description for your new Vulnerability
4. Don't forget to tune its [criticality](/what-is-liberty91/key-concepts.md#criticality)

<figure><img src="/files/mf27IvCdu9ZqvAT5Zh5r" alt="" width="563"><figcaption><p>simply provide a name or code in the green top-left box</p></figcaption></figure>

#### Creating a Threat Actor based on a Suggestion

Sometimes, Liberty91 will suggest new Threat Actors, Malware of Vulnerabilities for in your Threat Library. These are based on events in your dashboards. When you see one that you'd like to keep tracking, just click on it and Liberty91 will collect the relevant reporting and generate a relevant and accurate description for you.

1. Find the 'Suggested Vulnerabilities' in an Event Card. They are on the side, under the Analysis and the Threat Library Links that already exist.
2. Click on the Vulnerability you want to create a card for and track
3. Wait a minute or two: Liberty91 is looking for relevant reporting and generating a custom description for your new Threat Actor
4. Don't forget to tune its [criticality](/what-is-liberty91/key-concepts.md#criticality)

<figure><img src="/files/iEbsaUDO8qAqWonE2q8h" alt="" width="323"><figcaption><p>Clicking on FunnySwitch (for example) would create a new threat card in your Threat Library</p></figcaption></figure>

## Aliases

Vulnerabilities can go by codes, identifiers and nicknames. The vulnerability CVE-2024-4323 for example, is also known as 'Linguistic Lumberjack'. You don't want to create multiple Vulnerability Cards for the same thing, so having a Vulnerability Card named 'Linguistic Lumberjack' with Alias 'CVE-2024-4323' helps capture mentions of both, under the same card.

## What is on a vulnerability card?

When you first create a vulnerability card, there will be nothing on it. That's because Liberty91 is still collecting relevant reporting and learning as much as it can about your new vulnerability.

<figure><img src="/files/FJwPfbYjTLVdQFeqFj6R" alt="" width="563"><figcaption><p>When you create a new vulnerability, there will be nothing to see initially</p></figcaption></figure>

But once Liberty91 has found relevant reports, it will create a custom, relevant and up-to-date analysis for you, telling you exactly what it is and how it applies to you. If you want to update this (perhaps because new reporting has come out), just click on 'update description'.

<figure><img src="/files/yL1tUtAqJVmhh2QAUofT" alt="" width="563"><figcaption><p>A custom, up-to-date and relevant analysis</p></figcaption></figure>

Additionally, any relevant reports are nicely categorized under the description:

<figure><img src="/files/qqorYEQ9XSxVy4SMAfwb" alt="" width="563"><figcaption><p>all relevant reporting on this vulnerability</p></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.liberty91.com/the-threat-library/vulnerabilities.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.