You can create a collection in the following ways:
Creating an Empty Collection and Manually Adding Elements
You can create an empty collection and manually add IP addresses and FQDNs that you already know you care about. This is done by adding Rules to the collection.
You can also add high-level elements like Owners and ASNs, which scoutPRIME will automatically populate with lower-level elements like IP ranges and FQDNs.
To create a collection manually, follow these steps:
1. Navigate to Collection Management, then click on the + (plus sign) at the top of the Collections list. Note that the collection is empty.
2. Give the collection a Name and Description, and assign the user(s) who will manage it. When you are finished, click Add.
3. The new collection will now display on the page. Note that the collection is empty and there are no elements that are members of it.
You can add elements by clicking the Rules link at the top of the page, next to the collection's name.
4. Now, type a keyword, an IP address, CIDR, or ASN, then select what you want from the drop-down menu.
5. When you are done, the element will be listed on the page, and there will be a number inside the parentheses next to Collection Rules.
You can delete a Rule by selecting it from the list, then clicking Actions and selecting Remove Rule.
When you return to the collection, you will see the number of Rules in the collection, as well as its element type (e.g., IPv4, ASN).
Creating a Collection from Search Results
Any set of search results can be saved as a collection using the Include in Collection function in the Actions menu of the Search screen.
To create a collection from a set of search results, follow these steps:
1. Enter a query in the Search field.
2. In the search results screen, select the elements that you want in the collection manually or check the Select All checkbox at the top of the list of search results.
3. From the Actions drop-down menu in the top right corner of the Search screen, select Include in Collection.
4. Click the create a new collection link.
5. Enter the collection name in the Name field and a brief description of the collection in the Description field.
If you select Parent Collection, the collection will be created as a nested collection.
6. Click the Save button.
7. Navigate to Collection Management to view your new Collection.
NOTE: The system might take several minutes to populate the Collection depending on the number of Elements added at one time.
Importing a Collection from a CSV File
You can build collections by uploading or importing a list of elements to scoutPRIME via CSV.
The CSV file must have a header row with the element type and the element name. The items should be separated by commas.
To import a set of rules from a CSV file into a collection, follow these steps:
1. Create an empty collection.
2. Open the collection in the Collection Management screen.
3. Click the Rules link next to the collection name. For details on how to execute Steps 1-3, see Creating an Empty Collection and Manually Adding Elements.
4. From the Actions drop-down menu in the top right corner of the screen, select Import. The Import Include Rules (CSV) screen appears.
5. Click the Select CSV link in the top right corner of the screen. Select the CSV file containing the elements you want to import. The elements from the file will appear in the Import screen.
6. Click the Save button to import the set of rules into the collection. The imported rules are listed in the Rules screen for the collection.
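A pre-import check for the CSV described above, as an added example that is not part of scoutPRIME or its documentation: it classifies known assets, rejects malformed entries, removes duplicates, and writes a header row followed by one rule per line. The header names `type` and `name` and the type labels are assumptions; match them to what your Import screen accepts.

```python
import csv
import io
import ipaddress
import re

# Assumed header and type labels; confirm against your scoutPRIME import screen.
HEADER = ("type", "name")
FQDN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
ASN_RE = re.compile(r"^AS(\d{1,10})$", re.IGNORECASE)

def classify(value):
    """Return (element_type, normalized_name) or raise ValueError."""
    v = value.strip()
    m = ASN_RE.match(v)
    if m and 0 < int(m.group(1)) <= 4294967295:
        return "ASN", "AS" + str(int(m.group(1)))
    try:
        if "/" in v:
            # strict=True rejects CIDRs with host bits set, e.g. 192.0.2.1/24
            return "CIDR", str(ipaddress.ip_network(v, strict=True))
        ip = ipaddress.ip_address(v)
        return ("IPv4" if ip.version == 4 else "IPv6"), str(ip)
    except ValueError:
        pass
    name = v.lower().rstrip(".")
    if FQDN_RE.match(name):
        return "FQDN", name
    raise ValueError(f"unrecognized element: {value!r}")

def build_rules_csv(values):
    """Return (csv_text, rejected) for a list of raw asset strings."""
    rows, rejected = {}, []          # dict keeps order and drops duplicates
    for raw in values:
        try:
            rows[classify(raw)] = None
        except ValueError:
            rejected.append(raw)
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(HEADER)
    writer.writerows(rows)
    return out.getvalue(), rejected

# Constructed sample input (documentation address ranges and example domains).
SAMPLE = ["192.0.2.10", "198.51.100.0/24", "192.0.2.1/24", "AS64500",
          "Mail.Example.com", "192.0.2.10", "not a host"]
```

Review the rejected list before uploading: a CIDR with host bits set or a mistyped address usually means the source inventory needs correcting, not just the CSV.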
Creating a Collection Automatically From The Top Down (ASN)
A more powerful method of manually creating a collection is to add top-level items like an Owner or an ASN, at which point scoutPRIME will automatically identify the CIDRs and IPs based on that high-level element using a process called Ownership Footprinting. scoutPRIME will automatically set up risk associations for those dependent elements.
Ownership footprinting simplifies the process of mapping a network. Adding an owner to a Collection dynamically populates the Collection with all threats with network Elements registered to that company/entity. After assigning this owner to a Collection. Owners can be assigned to more than one Collection at a time.
When Collection membership appears on the Element Details page, members either have Inherited Membership, or Direct Membership in the Collection. Inherited membership indicates the networked Element was added because it belongs to a larger networked Element. Direct membership demonstrates a particular network Element was selected and added to the Collection.
To add an owner or an ASN to the collection, follow these steps:
1. Type text into the Search field at the top of the screen and hit the ENTER key.
2. In the TYPES field to the left of the search results, select Owner and ASN.
3. Type a full or partial name into the search field below the navigation bar, and scoutPRIME will do a search-as-you-type query and display the owners and ASNs whose names contain the specified text.
4. In the search results, check the owners or ASNs that you want to add to the collection.
5. From the Actions drop-down menu in the top right corner of the Search screen, select Include in Collection. The Include in Collection screen appears.
6. Select the collection to which you want to add the owners/ASNs from the Collection list. When you are done, click Save to add the selected owners and ASNs to the collection.
When you return to the Collection Management screen, and look at the collection, you will see that not only have the Owners and ASNs been added to the collection, but a number of CIDRs, FQDNs, and IPs associated with those elements have been added as well.