Let's imagine a scenario where the evening news reports a cyber attack by a Threat Actor called Society of Doom which targets organizations in your sector. As an analyst, you would want to gather as much information as possible about this hacker group.
1. Start by doing a search on scoutTHREAT to look for already existing data about the group in your system or with TICE Environment enabled.
2. If few or no results return on the subject, you can save the search as a Threat Query.
3. After saving the Threat Query, you can navigate to Workflows -> Threat Queries and click on Run Now from the list. Once triggered, the Threat Query cues TICE to start pulling data from the cloud about the group.
4. Next, you would want to log in to the TICE Module to check if any intelligence data about *Society of Doom* has been shared with you by the landlord and tenants.
NOTE: Intelligence items are listed from oldest to newest, so make sure you use the pagination arrows to navigate to the last page to check for new results.
If any results about the hacker group are on the Validation list, you can click on Review to view the information.
5. When you click Review you will see information about the intelligence data item that interests you. If you would like the item to download to scoutTHREAT click Approve.
6. Now, go back to scoutTHREAT and navigate to the Threat Actors page. The item you downloaded from TICE should now appear on the list.
Validating Intelligence Items