Glossary.
This glossary defines the key terms used across Liberty91, each in a sentence or two. Where a fuller explanation exists, the term links to its own page. Terms are grouped alphabetically.
A
Admiralty scale
A long-standing intelligence convention, also called the Admiralty code, that rates source reliability from A to F and information credibility from 1 to 6. Liberty91 uses it to weight what it learns from each Event. See Source reliability and confidence.
Alert
A rule you set up so that you, your Stakeholders, or downstream systems are notified the moment an Event matches criteria you care about, such as a particular Threat Actor, sector, or source country. See Set up automatic alerting.
Asset
A technology hosted by an Organization, defined by vendor, product, version, and where it is hosted. Assets describe an Organization's attack surface and help surface relevant threats. See Assets and hosts.
C
Collection
A group of Threat Entities you bucket together under a single topic, such as ransomware operators from Russia or infostealers. Liberty91 finds or creates the relevant entities, links them, and writes a description of the topic as a whole. See Collections.
Criticality
The priority you assign to a Threat Entity, Intelligence Requirement, Asset, or Supplier, from baseline through to emergency. An Event inherits the highest criticality among the entities it mentions, which drives its place on the Critical Threats dashboard.
E
Enrichment Opportunity
A prompt that appears when an Event contains an IOC that an enabled Module (such as MISP, OTX, CrowdStrike, or Group-IB) has matched to a known malware or Threat Actor, letting you create a follow-up Threat Card from that link. See IOC enrichment and decay scoring.
Event
Every "thing that happens" in Liberty91 is an Event: an open source news report, a vulnerability report, a vendor report, an X post, a dark web post, and so on. As an Event arrives it is enriched for IOCs, MITRE ATT&CK techniques, and Threat Entities, and checked against your profile. See Threat Events.
I
Intelligence Package
A tailored intelligence product generated for a specific Organization, found under that Organization's Intelligence Packages tab. Once generated, you can review, edit, and stage it for mailing to your Stakeholders.
Intelligence Requirement
A threat topic of material interest that tells Liberty91 what to prioritise and report on, drawn from the Intelligence Library or created by you. A dedicated agent learns each one from every relevant Event. See Intelligence Requirements.
IOC (Indicator of Compromise)
A technical artifact such as an IP address, domain, or file hash extracted from an Event. Liberty91 gives each IOC a score and confidence rating, and enabled Modules can enrich it with further context. See IOC enrichment and decay scoring.
M
Mailroom
The area where you track all the intelligence you have shared with your Stakeholders, broken down by time range and Organization, with delivery status for each report. Admins and Owners also manage email templates here. See The Mailroom.
Malware
A type of Threat Entity representing a malicious software family, tracked in your Threat Library with its aliases, description, and linked reporting. See Threat Entities.
MITRE ATT&CK
A public knowledge base of adversary tactics and techniques. Liberty91 identifies the techniques described in each Event and explains how each was used in the campaign reported.
Module
An integration you turn on to extend the platform. Collection Modules pull in reports and data, analysis Modules enrich incoming data such as IOCs and Assets, and production Modules send your intelligence out to other systems. See How Modules work.
Morning Report
A scheduled digest sent to Users and subscribed Stakeholders at a time you choose, covering news relevant to an Organization and optionally including IOC lists, STIX bundles, and SIGMA rules. See Customize your Morning Reports.
O
Organization
A company, government entity, or business unit you protect, used to customize the intelligence the platform generates. Liberty91 builds and maintains a dedicated agent for each one, trained on its country, sector, Assets, Suppliers, and Documents. See Organizations.
S
SIGMA rule
A generic, shareable detection rule format. Liberty91 can include available SIGMA rules in Morning Reports and Intelligence Packages when you select them for an Organization.
Stakeholder
A person in an Organization who receives your intelligence products, with an optional role and interests that let the platform tailor Alerts and reports to them. See Stakeholders.
Standing Intelligence Requirement
An Intelligence Requirement applied tenant-wide, so it covers every Organization in your account equally, rather than being assigned to specific Organizations. See Intelligence Requirements.
STIX bundle
A structured, machine-readable package of threat data. Liberty91 can produce a STIX bundle for an Event and send it to systems such as MISP through a Module.
Suggestion
A Threat Entity mentioned in an Event but not yet in your Threat Library, surfaced so you can click to create a Threat Card, which then gathers all related reporting and generates a description. See Threat Events.
Supplier
A third party in an Organization's supply chain, defined by name, criticality, and domain. Liberty91 maintains a description for each one, effectively a third-party threat profile. See Supply chain.
T
Threat Actor
A type of Threat Entity representing an adversary or intrusion set, tracked in your Threat Library along with its aliases, such as APT35 and Charming Kitten under one card. See Threat Entities.
Threat Card
The record for a single Threat Entity in your Threat Library, holding its name, aliases, criticality, description, timeline, TTPs, IOCs, and linked Events and entities.
Threat Entity
The collective term for the things you track in your Threat Library: Threat Actors, Malware, Vulnerabilities, and Collections. See Threat Entities.
Top Threat
A Threat Entity you flag as one of the handful you care about most, which then appears on the Top Threats dashboard for an at-a-glance management view.
V
Vulnerability
A type of Threat Entity representing a security weakness, tracked in your Threat Library with its description, linked reporting, and relationships to Threat Actors and Malware. See Threat Entities.