LookingGlass Cyber

Any search you conduct on scoutTHREAT can be saved as a Threat Query.

1. First, navigate to Search and type in the keyword(s) for the data you are looking for in the search box. The button for saving as a Threat Query will be enabled once you start typing and any results in the system will be returned.

2. After performing your search, click on Save as Threat Query.

NOTE: You can still save your search even if no results were returned.

3. A pop-up window will be displayed asking you to enter a name for your Threat Query. When you are done, click

4. Next, confirm your threat query was saved by navigating to Workflow then to Threat Queries. A list of previously saved queries will be displayed, look for the one you created.

5. In this example, a query was created for a threat actor named *Red Pill Robots* and it's listed on the Threat Queries page.

6. Click on *Red Pill Robots* to see the contents of the Threat Query. When the page loads the query as well as any matching intelligence items will be listed. In this example, an Information Report was added about *Red Pill Robots* and it populated the table.

You can make it a task to regularly check what has populated a Threat Query's page and use the intelligence items to complete reports, object profiles, etc.

___________________________________________________________

<a href="https://support.lookingglasscyber.com/en/articles/6182615-scoutthreat-threat-queries-overview" target="_blank">Threat Queries</a>

<a href="https://support.lookingglasscyber.com/en/articles/6182639-scoutthreat-creating-tice-environment-threat-queries" target="_blank">Creating TICE Environment Threat Queries</a>

<a href="https://support.lookingglasscyber.com/en/articles/6182640-scoutthreat-editing-threat-queries" target="_blank">Editing Threat Queries</a>

<a href="https://support.lookingglasscyber.com/en/articles/6182670-scoutthreat-workflow-example-threat-queries" target="_blank">Workflow Examples: Threat Queries</a>

- <a href="https://support.lookingglasscyber.com/en/articles/6182615-scoutthreat-threat-queries-overview" target="_blank">Threat Queries</a>
- <a href="https://support.lookingglasscyber.com/en/articles/6182639-scoutthreat-creating-tice-environment-threat-queries" target="_blank">Creating TICE Environment Threat Queries</a>
- <a href="https://support.lookingglasscyber.com/en/articles/6182640-scoutthreat-editing-threat-queries" target="_blank">Editing Threat Queries</a>
- <a href="https://support.lookingglasscyber.com/en/articles/6182670-scoutthreat-workflow-example-threat-queries" target="_blank">Workflow Examples: Threat Queries</a>

<a href="https://support.lookingglasscyber.com/en/articles/6177471-scoutthreat-user-documentation-table-of-contents" target="_blank">scoutTHREAT User Documentation Table of Contents</a>