After a search, the Element Details page will breakdown the information obtained on an element into different sections.
Keep in mind that not all elements are the same (e.g., an IP address is not the same as an ASN), therefore the details returned will vary from element to element.
Here the full list of elements used in scoutPRIME:
ASN
Here are the element details that you will see after conducting a search for an ASN (Autonomous System Number).
Any Associations - Threats and Vulnerabilities
Ownership - Current or past registrant information|
Peer Relationships - View into upstream and downstream peers, as well as peer-to-peer relationships.
Saved Collections that the ASN is a member of
Notes from you or others in your team about the element
ASN in Element Details Page
IPv4 or IPv6 Address
Here are the element details that you will see after conducting a search for an IPv4 or IPv6 address.
Any Associations - Threats and Vulnerabilities
Ownership - Current or past registrant information
Saved Collections that the IP address is a member of
DNS History - Current or past DNS records
Host Enumeration - Shodan information of the element's network ports with their services, plus details about the entity that owns or owned the element.
Product Information - Displays product group (CPE) information for the selected IP and displays inferred vulnerabilities for those products.
WHOIS Information - An Internet record used to identify the owner of the element.
Hashes - If a malicious file (e.g., malware, spyware, a worm, trojan, etc.) is associated with the element, it will list its hash here. You can look up the hash on a website such as VirusTotal to tell you what the malicious file is and what it does.
Notes from you or others in your team about the element
Partial View of IPv4 in Element Details Page
Domain (FQDN)
Here are the element details that you will see after conducting a search for a domain name (FQDN).
Any Associations - Threats and Vulnerabilities
Saved Collections that the IP address is a member of
WHOIS Information
An Internet record used to identify the owner of the element.
Hashes - If a malicious file (e.g., malware, spyware, a worm, trojan, etc.) is associated with the element, it will list its hash here. You can look up the hash on a website such as VirusTotal to tell you what the malicious file is and what it does.
DNS History - Current or past DNS records
Notes from you or others in your team about the element
Partial View of FQDN in Element Details Page
CIDR
Here are the element details that you will see after conducting a search for a domain name (CIDR).
CIDR is the short for Classless Inter-Domain Routing, an IP addressing scheme that replaces the older system based on classes A, B, and C. A single IP address can be used to designate many unique IP addresses with CIDR. A CIDR IP address looks like a normal IP address except that it ends with a slash followed by a number, called the IP network prefix. CIDR addresses reduce the size of routing tables and make more IP addresses available within organizations. (Reference: ipaddressguide.com)
Any Associations - Threats and Vulnerabilities
Ownership - Current or past registrant information|
Saved Collections that the IP address is a member of
Notes from you or others in your team about the element
CIDRv4 in Element Details Page
Threats
Here are the element details that you will see when clicking on a Threat under the Associations panel.
Elements - A list of elements in the scoutPRIME's database that are also impacted by the Threat.
System Information - This section provides information about the Threat, including what systems it affects, description, information on detection, mitigation, and more.
Threat Properties - Based on your research and analysis, you may determine that a Threat represents greater or less risk to your organization. When this happens, you can adjust the current Threat score in the system to better reflect the level of risk. You can change the overarching TIC score. Or, you can adjust the TIC score properties individually for the source, criticality, or classifications. The number of affected Elements vary from Threat to Threat.
Associated Collections - This section contains information on which of your collections contains the element impacted by the Threat. If a number exists in parenthesis next to the section title, it indicates how many collections in your system (all Workspaces) carry the same risky element.
Hashes - If a malicious file (e.g., malware, spyware, a worm, Trojan, etc.) is associated with the element, it will list its hash here. You can look up the hash on a website such as VirusTotal to tell you what the malicious file is and what it does.
Notes - Here you can view notes others or you have created about this Threat. You can also add a new one by clicking the + (plus sign) icon on the section's top right corner.
Partial View of a Threat in Element Details Page
Vulnerabilities
Here are the element details that you will see when clicking on a Vulnerability under the Associations panel.
Elements - A list of elements in the scoutPRIME's database that are also impacted by the Vulnerability.
System Information - Provides the full name of the Vulnerability, its CVSS score, and the CVE number.
Vulnerability Properties - This information includes TIC scores for the Vulnerability, the Source where the CVS information came from, its classification, and Criticality.
Based on your research and analysis, you may determine that a Vulnerability represents greater or less risk to your organization. When this happens, you can adjust the current Vulnerability score in the system to better reflect the level of risk. You can change the overarching TIC score. Or, you can adjust the TIC score properties individually for the source, criticality, or classifications. The number of affected Elements vary from Vulnerability to Vulnerability.
Associated Collections - List of saved collections that carry the element with the said Vulnerability.Notes - Here you can view notes others or you have created about this Vulnerability. You can also add a new one by clicking the + (plus sign) icon on the section's top right corner.
Partial View of a Vulnerability in Element Details Page
Related Content