The Information Reports section of scoutTHREAT has an Entity Extraction feature which can pull data objects from the report's content, thus saving you valuable time.
Currently, the objects that scoutTHREAT can extract are IPv4 addresses, IPv6 addresses, and URLs.
To extract objects from the body of reports, follow these steps:
1. Select an Information Report from the list, then click the icon for Entity Extraction.
2. The Entity Extraction page will load. Select from the Extraction rule drop-down the type of object that you want to extract from the report's content.
3. Once you have selected the type of object to extract, click Extract.
4. If the object exists in the report, it will be listed on the page.
5. You can choose to export the extracted object to the Observables section, but first copy or note the ID number of the report from the URL address bar. You will need this number to identify the extracted object in the Observables section list. ID numbers have this type of pattern: "report--9f72f56c-2971-404b-93d4-cbd48c7dbfc8".
6. Next, check the box next to the IP or URL address in the list of extracted objects, then click Export to objects.
A small banner will display confirming that the extraction was exported to the Observables section. For more information on Observables, see Entity Extraction.
To view the extracted object, navigate to Observables and use the ID number you copied from Step 4 to find the object on the list.
NOTE: Use only the number portion of the ID to find the object.
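
To cross-check an extraction result outside the product, the following added example (not scoutTHREAT code; how scoutTHREAT extracts internally is not described here) pulls the same three object types from a report body and splits the number portion from a report ID. The function names and the sample report text are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# Candidate tokens made of hex digits, colons and dots; ipaddress validates them.
ADDR_RE = re.compile(r"(?<!\w)[0-9A-Fa-f:.]+(?!\w)")
REPORT_ID_RE = re.compile(
    r"report--([0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12})")


def extract_entities(body):
    """Return de-duplicated URLs, IPv4 and IPv6 addresses found in body."""
    found = {"url": [], "ipv4": [], "ipv6": []}

    def add(kind, value):
        if value not in found[kind]:
            found[kind].append(value)

    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,;:!?)]}")  # drop trailing sentence punctuation
        if urlsplit(url).hostname:
            add("url", url)
    # Choice made for this example: hosts inside URLs are not reported
    # again as separate addresses.
    rest = URL_RE.sub(" ", body)
    for token in ADDR_RE.findall(rest):
        try:
            addr = ipaddress.ip_address(token.rstrip("."))
        except ValueError:
            continue  # e.g. 999.1.1.1, 12:30, plain hex-looking words
        add("ipv4" if addr.version == 4 else "ipv6", str(addr))
    return found


def report_uuid(report_id):
    """Return the part after 'report--', the value to search Observables for."""
    match = REPORT_ID_RE.fullmatch(report_id.strip())
    if match is None:
        raise ValueError("not a report ID: %r" % report_id)
    return match.group(1)


# Constructed sample report body (documentation address ranges only).
SAMPLE_BODY = (
    "At 12:30 the host 198.51.100.23 contacted http://203.0.113.7/gate.php, "
    "then 2001:db8::1f. The string 999.1.1.1 is not an address. "
    "A second beacon went to 198.51.100.23."
)
```

Dotted version strings such as 1.2.3.4 parse as valid IPv4 addresses, so review the extracted list before exporting anything to Observables.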