TICE: Threat Intelligence Collaboration Environment. This is the cloud where intelligence data is ingested from a variety of sources and from which it can be downloaded to a tenant's scoutTHREAT systems. TICE is managed by the landlord.
TICE Module: The user interface for viewing, approving, rejecting, and sharing TICE intelligence items.
Landlord: LookingGlass Cyber Solutions
Tenant(s): Cyber threat intelligence analysts, product users
One of the main tasks that analysts use scoutTHREAT for is creating intelligence object profiles. The data for these profiles can be added manually by the analyst or pulled from the TICE cloud.
Using intelligence from TICE makes an analyst's job more efficient and effective. Without TICE, analysts have to spend a lot of time manually gathering intelligence from a multitude of sources and then sorting through cluttered data for the information they need.
TICE is designed to ingest quality intelligence data from a variety of vetted sources, including MITRE and MISP. TICE also ingests intelligence shared by tenants internal or external to the organization.
When an analyst creates a scoutTHREAT Threat Query for intelligence they need, the request is sent to the TICE cloud to download the data to the TICE Module. The analyst can then manually approve the cloud intelligence item(s) in order to download them to the scoutTHREAT local system. There are also ways to automate the download process.
The types of intelligence in the TICE cloud are object profiles (e.g., threat actor, malware, and attack pattern objects), information reports, data feeds, and shared intelligence from tenants.
Validating Intelligence Items