There is a lot to see and explore in scoutPRIME's User Interface. Take the time to become familiar with the various features and actions available at your fingertips.
This section of the guide provides an introduction to the items in the navigation bar and the landing page so that you can start using the tool as quickly as possible, including:
The Main Navigation Bar
1. Candy Box - Allows you to switch to another app, for example, from scoutPRIME to LookingGlass Suite, or to another product you also have a subscription for (e.g., scoutINSPECT, scoutTHREAT).
2. LookingGlass logo - Acts as the "Home" button, allowing you to return to the Workspace Dashboard.
3. Search bar - The search bar allows to run different types of queries, refer to the box below for filter information.
Allows you to search for an online asset/element. You can search by domain name (FQDN), IP address (IPV4 or IPV6), CIDR4 and CIDR6, ASN, and Owner.
Allows you to see the geolocation(s) of the online asset.
Allows you to search for domains by the name, address, telephone number, email address or geolocation of the registrant listed in current or historical Whois records.
Lists any Threats or Vulnerabilities associated with an online asset/element. This a useful type of search because you can easily discover what level of risk an element may carry.
4. Workspace - Displays the name of the workspace you are in. When you click the down arrow, a list of other organization workspaces will be shown. You could switch to other workspaces, but keep in mind that this action may require permissions from your administrator.
5. Question mark icon - Provides links to scoutPRIME's user documentation (Knowledge Base) and API documentation. And, the Bell icon, will display notifications to your system.
6. Your username avatar - This is a drop-down menu that allows you to Logout, but also view these sections:
Manage Account - Clicking this will take you to LookingGlass Suite where you can make changes to your profile and password.
Admin (requires admin privileges) - Allows an organization administrator to manage users, groups, and workspaces.
API Tokens - This will take you to Account Management settings on LookingGlass Suite. Once there, click the API Tokens tab to create or delete API tokens.
About - Provides software version information.
7. Main application features:
Dashboard - Provides visual snapshots of an organization's workspace for a quick overview of the various statuses of all collections.
Collection Health - Provides visual snapshots of an organization's collection(s) for a quick overview of their overall health (the criticality of any risks and vulnerabilities).
Metrics - This will take you to System Metrics which presents statistical information about Threats and Threat associations.
Collection Management - Allows you to view severity levels, TIC scores, associated owners, and classifications for each saved collection. You can also click to view or review collection elements.
Element Details - Provides relevant risk information for an element in a collection. Elements include: Domain names (FQDN), IP addresses (IPV4 or IPV6), CIDR4 and CIDR6, ASNs, and Owners.
Reports - This is the section of scoutPRIME that allows you to create and schedule summary reports on how your collections are doing as well as daily activities of Threat associations.
The Workspace Dashboard
A workspace's dashboard offers visual snapshots of various statuses for the collection(s) it contains, including TIC scores and criticality levels.
NOTE: If a workspace is new and doesn't contain collections, there will no data shown on the various dashboard sections.
Let's examine what information each dashboard section provides:
Overall Risk Score
This section provides an overall TIC or risk score for all the collections that exist in the workspace.
The example above shows an overall score of 86 for all the collections in the Acme LTD Workspace. Similarly, your collections will also get a combined TIC score.
TIC History shows activity in the past seven days. This graph can help you visualize the daily criticality level for all combined workspace collections.
You can also click See All Collections to get access to a complete list of all workspace collections.
Critical and Elevated Collections
This section will display the collections in your workspace that are elevated and most critical, as well as their corresponding TIC score. The horizontal bars may display the following colors:
Low or normal
The graphic will also show how the criticality level has increased (e.g., Up 54.5%) or decreased (e.g., Down 2.9%) over the past seven days.
The Collections Overview's donut graph offers a glimpse into which element types are most common in your collections. Element types include, ASNs, FQDNs, Owners (or Registrants), IPs, and CIDRs.
Associations by Risk Category
Associations by Risk Category will show the types of vulnerabilities or threats that are most prevalent in your collections and/or member elements. Some of these risks can include, vulnerable services, botnet infections, etc.
Pinned Collections section will display the top three collections in your workspace. Each set will include:
The name of your collection
The collection's overall Risk or TIC Score
New Risk Associations (threats or vulnerabilities) and corresponding TIC score
The TIC score for elevated elements in the collection
And, the date of discovery or system scan
To view view more details about the collection, click See Collection. To view all threats and vulnerabilities, click View All Associations.
To select which collections you want displayed under Pinned Collections whenever you log in, click Select Collections and make mark the checkbox. You can also look for the collection(s) in the search box. Click Reset to uncheck all boxes.
You can customize which workspace you'd like to see when you login, see: Setting a Default Workspace.