scoutTHREAT – Creating an Intrusion Set Object
B
Written by Benjamin Dewey
Updated over a week ago

1. To add a new Intrusion Set Object, navigate to the Intelligence drop-down menu, then Intrusion Set.

2. A list of existing Intrusion Set objects will be displayed, showing the Object’s Name, Type, and date Created, as well Created By, Modified On, and Modified By fields.

3. Click Create New at the top right corner of the form.

4. Enter a name and narrative description for the Intrusion Set Object.

5. The right-hand column of the form contains optional fields for Aliases, First seen, Last seen, Goals, Resource Level, Primary Motivation, Secondary Motivations, Revoked, Labels, and Confidence. For more information on these fields, see scoutTHREAT - Intrusion Set Objects Overview and the STIX 2.1 Documentation.

6. Click the plus sign (+) icon at the top center of the form to save the Intrusion Set Object

Saved Intrusion Set Object

1. Once saved, the Intrusion Set Object can be reviewed, edited, or enriched with a Relationship, External Reference, Note, or Opinion.

2. To edit the Intrusion Set Object, click the pencil icon at the top center of the form.

3. To add a Relationship, Click the Add link to the right of EXTERNAL REFERENCES. Typing in the Target or Source field will show all matching objects. Use the button between Source and Target to swap the fields. Next, select a Relationship Type, provide an optional Description, and click Add. For more information on relationships, see scoutTHREAT – Relationship Objects.

4. To add an External Reference, Click the Add link to the right of EXTERNAL REFERENCES. Typing in the field will show all matching objects. Click the intended object to fill the field and click Save. For more information on External References, see scoutTHREAT - Adding External References.

5. The Details tab in the right-hand column displays the manually entered information entered for the Object. The Audit tab displays the Source, date Created, date Modified, for the object, as well as the user name and modified timestamp for the user that created and last modified the object.

6. The Notes tab in the right-hand column displays any existing notes and allows a user to create new notes or read, edit, or delete existing notes. To add a new Note, click the Add new link and filling in the Abstract and Content fields. The Note can be edited or created with the pencil and trash can icons, respectively. For more information on adding notes, see scoutTHREAT - Adding Notes to Objects.

7. The Opinions tab displays any existing Opinions and allows a user to create new notes or read, edit, or delete existing Opinions. To add a new Opinion, click the Add new link, selecting an Opinion representing an analytical assessment and providing a narrative Explanation. For more information on Opinions, see scoutTHREAT - Creating Opinions.


Related Content

Did this answer your question?