Let's imagine a scenario where you are looking for content on a Threat Actor named Croc Squad, but no information exists locally and you want to pull intelligence from the cloud.
1. First, save your search as a Threat Query with TICE Environment enabled.
2. Navigate to the Threat Queries page under Workflow.
3. Look for your query on the list, then click Run now for the query to be triggered and to start pulling intelligence about Croc Squad from the landlord and other tenants.
β
NOTE: TICE runs and refreshes frequently, so it is likely that you will see results from your queries in about 15 minutes.
4. To view intelligence data that matches your search, navigate to the TICE Module, then to the Validation page.
5. To download data items to your scoutTHREAT system, you must follow the TICE Module validation process to Approve or Reject the data.
For the steps on validating intelligence data on TICE, see Validating and Adding New TICE Intelligence to scoutTHREAT.
β
NOTE: You can create rules in the TICE Module to by-pass the approval process and automatically download data. For more information, see :The TICE Rule Manager.
6. Once you have downloaded intelligence data items from the TICE Module, those items will populate various areas of scoutTHREAT depending on what they are. For example, if you downloaded a Threat Actor object profile from TICE, you would now see that profile in your scoutTHREAT Threat Actors section.
βIn Brief
Related Content