scoutPRIME - Workflow: Creating Your First Collection

Steps for creating a new collection

Written by Benjamin Dewey
Updated over a week ago

To get you started with scoutPRIME, this workflow example will take you from creating a Workspace to adding and saving your first Collection. Let's go!

1. To create a new workspace, go to the main navigation and click on the down arrow next to the workspace's name. Then, click on Create Workspace+.

2. Next, give your workspace a unique Name and a Description. When you're finished, click Create.

Great! You've created a new workspace - a clean environment where you can start running queries, analyzing elements, and adding or creating collections.

3. Now, we'll create a collection from search, so the first thing you need to do is run a query on an entity that's in your supply chain or is a third-party vendor.

For this example, let's look into a transportation company called "Mertz," which moves goods for Acme Industries.

With All pre-selected for us in Search, type in the name of the transportation company.

NOTE: scoutPRIME will make suggestions for your search query. If the exact entity name is not listed, you can ignore the suggestions and just press Enter or click on the magnifying glass to continue with your search.

4. Search results will populate on the next page. You can scroll up or down the page until you find the entity you are looking for.

You can also use the filters on the left side of the page to help narrow down results. In this example, we'll use the Countries filter since the company we're interested in is headquartered in the United States.

5. Two results pique our interest because they have the name of the entity we're looking for in them. Let's drill down on the first one to examine it further.

6. Notice that the result opened up in the Element Details page. This is because the result is a CIDRv4 element -- the IPv4 address is with a subnet mask of 17.

The Element Details page provides us with the following information:

  • Statistics - The number of Active Risks the element carries, how many of our collections contain this CIDR, and how many days ago this element experienced any type of activity.

  • TIC Score - The level of risk the element carries based on scoutPRIME's algorithm. Plus, a graph showing points when the TIC score changed since there was activity.

  • Associations - Any Threats and Vulnerabilities listed on the left panel in blue.

  • Ownership - Current or past registrant information.

  • Any Collections that the IP address is a member of.

  • Any Notes from you or others in your team about the element.

7. Since what's on the Element Details page is very important information about the company, we can go ahead and explore more elements on the page, such as the ones under Ownership, or the Association on the left side panel in blue: "Expired SSL Certificate."

For this example, we'll create a collection from here.

Click on Actions near the top right corner of the page, and select Add to Collection from the drop-down menu.

8. The Include in Collection window will open - you can choose to add an element to an existing collection, but for this example we'll click to create a new collection.

9. Give the collection a Name and a Description. If you want this to be a nested collection, you can choose a Parent Collection for it.

For this example, we'll just click Save.

10. You should receive confirmation that your collection was created and that one element has been added to it. To check if the action was successful, navigate to Collection Management and see if the collection name appears on the left panel in blue.

In addition, the Collection Management page will provide you with the following information:

#1. How many elements are in your collection and what types. For example, in the above screen capture there is a 9 next to the CIDRV4 element type. This means that there are nine other CIDRV4 elements that are members of this collection. The CIDRs were added from the Ownership list in the screen capture for Step 6.

Note also that there is a 1 in parentheses next to the IPv4 element type. This is because the IPv4 address is part of the CIDRV4 element.

#2. There is a 1 in parentheses under Rules. This means that so far there is only one rule for this collection, and that is to add elements of this CIDR type to it. You can edit rules to include other types of elements in the collection.

11. Let's dig a little deeper and examine the CIDRs in the collection. Click on CIDRV4 in the elements section.

12. Another page will open within the Collection Management feature. This page will list the nine CIDRs that are members of the collection with their corresponding TIC scores, Severity levels, and Associations (Threats and Vulnerabilities that the element carries).

From this page you can also choose to add more elements of the same or a different type by clicking on the TYPES drop-down. You can also filter elements by their TIC score by using the slider. And you can click on Export to download the list to your computer or workstation.
