All Collections
LookingGlass scoutTHREAT Documentation
All scoutTHREAT User Documentation Articles
scoutTHREAT - Workflow Example: Adding an Identity Object
scoutTHREAT - Workflow Example: Adding an Identity Object

Steps for adding an Identity Object

B
Written by Benjamin Dewey
Updated over a week ago

Follow these steps:

1. Navigate to Information and click on Identity.


2. If any Identity objects already exist, you will see them listed on the page.

3. Click on Create New on the top right side of the page.

4. Just below the navigation you can enter an identity Name and a Description. On the right side of the page, you can add Details about the Identity.


It is optional to assign the identity a Role (e.g., CEO, Domain, Administrators, Doctors, Hospital, or Retailer).


You can select an Identity class (e.g., individual, group, organization, etc.) from the drop-down menu that appears after clicking on the field.


Selecting a Sector for the identity is optional. You can choose from any of the sectors listed in the drop-down menu. You can also create a new sector name by typing it in the field.

The Revoked flag is used for versioning. When set to Yes, it indicates that the object is no longer considered valid.

Use the Labels field to select associated labels.

Confidence is represented with a 0-100 numerical scale.

For more information on these fields, see the STIX 2.1 documentation.

5. It is also optional to enter contact information. Select the type of contact information you want to enter from the drop-down menu (e.g., phone number, email address, social media, etc.) and enter a Value. When you are finished, click Add Contact.

6. Make sure you click on the plus sign at the end of the field to save the Identity name.

7. After saving, you will see the object profile created. There will be three icons at the top of the page that allow you to take these actions:
​

#1. Deactivate

#2. Share on TICE

#3. Edit

Next, on the right side of the page under Information, you can view Details such as Audit which provides information about the object's ownership (e.g., Who created the profile, who last modified it, etc.)

9. You can proceed to adding any Notes that provide further context and/or to provide additional analysis.

  • Click on Add new.

  • Under Abstract, you can add a brief summary of the note content.

  • And under Content, you can type the content of the note.

When you are done, you can click Save or Cancel. You can add as many notes as needed to the Identity object.

New note added

10. Finally, you can add an Opinion which is a subjective assessment of the accuracy of the information on the report.

The opinion captures the level of agreement or disagreement using a fixed scale. The fixed scale also supports a numeric mapping to allow for consistent statistical operations across opinions.

  • Click on Add new.

  • Under Opinion click on the arrow for the drop-down menu and select your level of agreement or disagreement of the Identity object.

  • Finally, you have the option to include an Explanation for why you chose your level of agreement. For example, if an opinion of strongly-disagree is given, the explanation can contain the reason you disagree and what evidence you have for the disagreement.

  • Click Save when you are done to save your opinion, or Cancel. You can add as many Opinions as needed to your Identity object.


​ NOTE: According to STIX Version 2.1, sharing communities are encouraged to provide clear guidelines to their constituents regarding best practice for the use of Opinion objects within the community.

New opinion added

Related Content

scoutTHREAT User Documentation Table of Contents


​

Did this answer your question?