Release Version 12.4.0
May 6, 2022
LookingGlass scoutTHREAT v12.4.0 includes several important enhancements and functionalities, including:
A completely new User Interface (UI) which includes a dashboard with three customizable intelligence data lanes for quick browsing.
The integration of TICE to share intelligence data to the community, as well as features for automated validation, with appropriate permissions for manual deconfliction.
Improved features for workflows and intelligence data management, such as checklists, workbenches, entity extraction, and more.
New oAuth2 Single Sign-On Authentication with LookingGlass Suite.
The ability to set user permissions and roles (Executive, Analyst, Senior Analyst, Administrator)
New enhancements to search functions, including:
The ability to export data via CSV with custom fields filter
Enabled search function for local system and on TICE. Download data from other TICE users.
Ability to filter criteria
Enhanced Request For Information (RFI) section to create and edit content.
Enhanced Request For Information Section
New features for Information Reports, including:
Support of attachments, checklist, notes and opinions.
Entity Extraction on reports and attachments (IPv4 and URL).
Enhances to External References section to create and edit content.
New features for workbenches to support Checklists, Threat Queries, linked reports, and add/link RFIs.
Improved Workbench Section
New functions for handling Threat Queries locally and on TICE. And, automated searches.
Ability to create custom checklist templates and publish them to workbenches and reports.
STIX 2.1 supported Intelligence Objects: Attack Pattern, Report, Identity, Campaign, Location, Infrastructure, Indicator, Malware, Threat Actor, Tool, Vulnerability, Note, Opinions, and Observables (MAC address, IPv4, IPv6, URL, etc.).
Added Intelligence Objects
New scoutPRIME integration for sharing data between tools.
Added Threat Actor automated relationships via AILA (ML/NLP) to make an analyst's work more efficient.* New accessible and updated User Guide (HTML, PDF, Word), Release Notes, Bugs, Fixed Bugs, and API documentation.
TICE and TICE Module Highlights
New User Interface (UI) with a homepage that features information on intelligence items available for validation.
Ability to share objects through TICE between participating tenants.* Enable anonymization so only the landlord can see the actual source of the shared data.
Ability for TICE to support all STIX 2.1 objects available in scoutTHREAT including, Information Reports, Threat Actors, Vulnerabilities, Malware, Location, Indicators, Tools, Attack Patterns, etc.
Ability for tenants to run queries on TICE data.* Ability for tenants to subscribe to TICE data.
Ability for tenants to use the Rule Manager for sorting through the intelligence they need.
Feature to enable intelligence data items from subscriptions to be automatically and manually validated.
Ability for tenants to push data from scoutTHREAT to TICE (Cloud/Landlord).* Integration to support threat actor intelligence data from MITRE and MISP feeds.
Ability for data intelligence subscriptions based on Threat Queries.
API integration available (OpenAPI3) for potential 3th party integrations.
New user documentation (as a chapter in scoutTHREAT documentation).
No known issues for this release.
Full scoutTHREAT User Documentation