scoutPRIME - Viewing Search Results
Written by Benjamin Dewey
Updated over a week ago

When you click on search results, details about assets or elements will appear in the Element Details page. Let's go over what some of the sections of the page contain as you review and analyze the data.


Viewing Search Results: Threats, Risks, and Vulnerabilities

#1. The left side panel of the page can display the following:

  • Associations - When this is selected, the panel will display all Threats and Vulnerabilities that impact the element.

  • Threats - When this is selected, the panel will display only Threats that impact the element.

  • Vulnerabilities - When this is selected, the panel will display only Vulnerabilities that impact the element.

When you select to view either a Threat or Vulnerability from the list, click on the small down arrow to view additional details.



Viewing Search Results: Ownership

#2. Ownership will display networks, companies or entities that currently own or previously owned the asset/element at some point in time. "Ownership" here means that the entity bought or registered the element as theirs.
When you click on an item on the list, an Element Details page will open with details about the owner.

On the page you will see a list of Owned Elements. This is a list of other online assets that are or were registered to the owner.


NOTE: Commonly, the element type for items on the list will be a cidrv4 (Classless Inter-Domain Routing). CIDR is an IP addressing method that improves the allocation of IP addresses. This scheme is used to extend the life of IPv4 addresses and slow down the growth of routing tables.

Below the Owned Elements list are two sections:

  • Collections - This section will display saved collections in your system that contain this particular owner.

  • Notes - Here you can view notes that you or others have created about this Threat. You can also add a new one by clicking the + (plus sign) icon on the section's top right corner.


Viewing Search Results: Collections

#3. Collections is the section that lists any saved collections in your system (from all Workspaces) that contain the element.


When you click on any collections on the list, they will open up under Collection Management.

In Collection Management you will be able to view the following:


#1. Elements - Elements and how many of them exist in the collection.

#2. Element Severity - Elements within the collection that are Normal or carry Risk.

#3. Collection TIC Score - Visual representation of how the TIC score has fluctuated over a date range.

#4. Associated Owners - A list of associated or relevant owners that are connected to the collection.

#5. Classifications - Lists types of risks or exposures that elements in the collection carry. The two classifications used in scoutPRIME are Malicious and Vulnerable Service.

#6. All Collections - Lists all collections saved in the Workspace.

#7. Rules and Notes - Rules used to manage or build the collection's data, and notes you or others have created about the collection.

#8. Actions - Drop-down menu with options to help manage your collection.

NOTE: For more on Collection Management, see Collection Management


Viewing Search Results: Threat Details

If you click on the name of a listed Threat from the left panel, an Element Details page will load providing you with details about the Threat.


According to the National Institute of Standards and Technology (NIST), a Threat is any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.
scoutPRIME retrieves Threat information from a number of sources or data feeds to provide you with elements that may carry this type of risk.


Here is what each of the sections on Threat Details page provides:

  • System Information - This section provides information about the Threat, including what systems it affects, description, information on detection, mitigation, and more.

  • Threat Properties - Based on your research and analysis, you may determine that a Threat represents greater or less risk to your organization. When this happens, you can adjust the current TIC score properties individually for the source, criticality, or classifications. For step-by-step instructions to do this, click here.

  • Associated Collections - This section contains information on which of your collections contain the element impacted by the Threat. If a number exists in parentheses next to the section title, it indicates how many collections in your system (all Workspaces) carry the same risky element.

  • Hashes - If a malicious file (e.g., malware, spyware, a worm, trojan, etc.) is associated with the element, it will list its hash here. You can look up the hash on a website such as VirusTotal to tell you what the malicious file is and what it does.

  • Notes - Here you can view notes others or you have created about this Threat. You can also add a new one by clicking the + (plus sign) icon on the section's top right corner.

Threat Details: Actions

Near the top of the left side corner is the Actions drop-down menu. Here you can select to Export the element details about this Threat as a report.


You can also Add/Edit Labels which is like adding tags that can help you keep track of items you'd like to revisit.


To do this, click on Add/Edit Labels and assign it a unique label name, then press Save. To view this item again in the future, all you need to do is type in the label in the search box.


Viewing Search Results: Vulnerability Details

Vulnerabilities are defined by STIX Version 2.0 as "a mistake in software that can be directly used by a hacker to gain access to a system or network."


Discovered vulnerabilities are published in databases by cybersecurity researchers as "CVEs," which stands for Common Vulnerabilities and Exposures.

A CVE number identifies each vulnerability that has been found or reported by a trusted agency.

scoutPRIME can retrieve CVE or vulnerability information for elements that carry risk just as it does for Threats. Each of those vulnerabilities will be displayed on an Element Details page like the one below.


The Vulnerability Details page provides the following sections and information:

  • System Information - Provides the full name of the Vulnerability, its CVSS score, and the CVE number.


  • Vulnerability Properties - This information includes TIC scores for the Vulnerability, the Source where the CVS information came from, its classification, and Criticality.


Based on your research and analysis, you may determine that a Vulnerability represents greater or less risk to your organization. When this happens, you can adjust the current TIC score properties individually for the source, criticality, or classifications. For step-by-step instructions to do this, click here.

  • Associated Collections - List of saved collections that carry the element with the said Vulnerability.

  • Notes - Here you can view notes others or you have created about this Vulnerability. You can also add a new one by clicking the + (plus sign) icon on the section's top right corner.

Vulnerability Details: Actions

Near the top of the left side corner is the Actions drop-down menu. Here you can select to Export the element details about this Vulnerability as a report.


You can also Add/Edit Labels which is like adding tags that can help you keep track of items you'd like to revisit.


To do this, click on Add/Edit Labels and assign it a unique label name, then press Save. To view this item again in the future, all you need to do is type in the label in the search box.

