There is a lot to see and explore in scoutPRIME's User Interface. Take the time to become familiar with the various features and actions available at your fingertips.
This section of the guide provides an introduction to the items in the navigation bar and the landing page so that you can start using the tool as quickly as possible, including:
The Top Navigation Bar
The top navigation bar contains the following items:
LookingGlass logo - Acts as the "Home" button, allowing you to return to the landing page when you click it.
The + (plus sign) - Allows you to create a new workspace.
Down arrow - A drop-down menu for switching to a different workspace.
Search
All - Allows you to search for an online asset/element. You can search by domain name (FQDN), IP address (IPV4 or IPV6), CIDR4 and CIDR6, ASN, and Owner.
Map - Allows you to see the geolocation(s) of the online asset.
Reverse Whois - Allows you to search for domains by the name, address, telephone number, email address or geolocation of the registrant listed in current or historical Whois records.
Associated Threat - List of any Threats associated with an online asset/element.
Triangle icon - A number displays below it when you have received notifications on your system.
Refresh icon - Refreshes the results on a page.
Your username - A drop-down menu that allows you to Logout and to view these sections:
About
Admin (for user, organization, group, and workspace management)
API Tokens (to manage API tokens)
Change Password
TIC Configuration
Help (user documentation)
Feedback
The Main Navigation
Workspace - Provides visual snapshots of an organization's workspace for a quick overview of the various statuses of All Collections.
Collection Health - Provides visual snapshots of an organization's collection(s) for a quick overview of their overall health (the criticality of any risks and vulnerabilities).
Collection Management - Allows you to view severity levels, TIC scores, associated owners, and classifications for each saved collection. You can also click on the various Elements to view or review them in the Element Details section.
Element Details - Provides relevant risk information for an element in a collection. Elements include: Domain names (FQDN), IP addresses (IPV4 or IPV6), CIDR4 and CIDR6, ASNs, and Owners.
Reports - This is the section of scoutPRIME that allows you to create and schedule summary reports on how your collections are doing as well as daily activities of Threat associations.
Gear icon - This is a drop-down menu where you can choose to view:
System Metrics, which presents statistical information about Threats and Threat associations.
Notifications, which can be used to create, edit, and delete notifications on your system, and to view a log of notifications triggered by set parameters.
The New Workspace Dashboard (v2023.1.C)
The workspace dashboard offers visual snapshots of various statuses for the collection(s) it contains, including TIC scores and criticality levels.
NOTE: If a workspace is new and doesn't contain collections, there will not be data shown on the various dashboard sections.
Let's examine what information each dashboard section provides:
Overall Risk Score
This section provides an overall TIC or risk score for all the collections that exist in the workspace.
The example above shows an overall score of 86 for all the collections in the Acme LTD Workspace. Similarly, your collections will also get a combined TIC score.
TIC History shows activity in the past seven days. This graph can help you visualize the daily criticality level for all combined workspace collections.
You can also click See All Collections to get access to a complete list of all workspace collections.
Critical and Elevated Collections
This section will display the collections in your workspace that are elevated and most critical, as well as their corresponding TIC score. The horizontal bars may display the following colors:
Color | Level |
Red | Critical |
Orange | Elevated |
Green | Low or normal |
The graphic will also show how the criticality level has increased (e.g., Up 54.5%) or decreased (e.g., Down 2.9%) over the past seven days.
Collections Overview
The Collections Overview's donut graph offers a glimpse into which element types are most common in your collections. Element types include ASNs, FQDNs, Owners (or Registrants), IPs, and CIDRs.
Associations by Risk Category
Associations by Risk Category shows the types of vulnerabilities or threats that are most prevalent in your collections and/or member elements. These risks can include vulnerable services, botnet infections, etc.
Pinned Collections
The Pinned Collections section displays the top three collections in your workspace. Each set will include:
The name of your collection
The collection's overall Risk or TIC Score
New Risk Associations (threats or vulnerabilities) and corresponding TIC score
The TIC score for elevated elements in the collection
The date of discovery or system scan
To view more details about the collection, click See Collection. To view all threats and vulnerabilities, click View All Associations.
To select which collections you want displayed under Pinned Collections whenever you log in, click Select Collections and mark the checkbox. You can also look for the collection(s) in the search box. Click Reset to uncheck all boxes.