NOTE: This feature may or may not be included in your user license. Check with your administrator or contact LookingGlass Support for assistance.
Overview
Adding a threat manually in scoutPRIME helps you keep track of new and emerging threats or intelligence items that have not yet been delivered by a data feed.
You can also use this feature for tracking threats that are unique to your organization or field.
The table below shows the types of threat classifications in the system. New classifications can be added by contacting LookingGlass Support.
Actions Actor Adware Anonymization AOL Apt Attack Automatic Transfer System Backdoor Bgp Black Hat Bot Brand or Image Degradation Bruteforce Bulletproof Hosting/rouge Hosting C2 Campaign Characteristics Corn Chemical, Biological, Radiological, Nuclear Chat server Click fraud Cloud hosting Collective Threat Intel Communications Compromised Server Confidential Information Corporate Credential Theft Credential Theft Botnet Operator Credential Theft Botnet Service Cryptocurrency Cyber Espionage Operations Darknet Data Breach or Compromise DDOs Degradation of Service
Destruction Dialer Disgruntled User Disruption of Service DNS Domain Watchlist DoS Downloader Dropper Dynamic DNS Economic eCrime Actor Education Electronic Payment Methods Endpoint Characteristics Exfiltration Exit Node Exploit Attempt Exploit Kit Fast Flux Botnet Hosting File Hash Watchlist Financial Financial Loss Forums Gray Hat Hacker Hacktivism Hijack Honeypot Host Characteristics Hosting IP Illegal Activity Information Loss Infrastructure Injection Insider Threat Intel Intellectual Property IP Watchlist IRC
Jabber Jihadist Legitimate Domain Registration Services Loss of Competitive Advantage Malicious Malicious Domain Registrars Malicious Email Malicious Host Malvertising Malware Malware Artifacts Malware Developer Military Mobile Communications Mobile Device Money Laundering Network Organized Crime Actor P2P Participant Password Cracking Phishing Political Port Scanner POS - ATM Probes Proprietary Information Proxy Public Ransomware Recon Regulatory, Compliance or Legal Impact Remote Access Trojan Rogue Antivirus Rootkit Router
Russian Business Network SCADA Scanning Sending Spam Sinkhole SMTP Abuse Social Networks Spam Spam Service Spyware State Actor or Agency Stress Test Tool Terrorist Threat Actor Characterization Threat Report Tool Top-level Domain Registrar Tor Traffic Service Transparent Trojan TTP Unclassified Underground Call Service Unintended Access URL Watchlist User Data Loss User-generated Content Websites VPN Vulnerability Vulnerability Scanner Vulnerable Service Watchlist Web Panel Web Shell White Hat White Supremacist Worm
Adding a New Threat
To add a new threat to your scoutPRIME system, you must be a user who belongs to a Group that has been granted Global Permissions to:
Create Threat
Create Source
Create Classification
Contact your administrator to grant you these permissions or contact LookingGlass Support.
Steps
1. First, ensure that you belong to a Group that has the above Global Permissions enabled.
2. Click the ellipsis (three dots) below the navigation bar on the right-hand side of the Workspace Dashboard page, then select New Threat.
The New Threat page will load.
3. Next, add the threat's name. Then enter the Criticality Score, which is the same as the TIC Score. For score range information, click here.
4. To create the Source of the threat intelligence, type it in the field, then select Create when you are done.
5. Next, choose the threat's Classification from the drop-down menu.
6. Add any elements associated with the threat - you can do this manually or by clicking ADD ELEMENTS. Examples of elements include:
IP addresses
FQDNs
ASNs
CIDRs
7. You can also add Metadata and a Description of the threat. When you are finished, click Save.
8. A banner will appear at the bottom of the page to confirm that you have successfully added the new threat.
Searching for a Newly Added Threat
To search for a threat you have added manually, first give the system a few minutes to process it. Then type its name in the search field and select the Associated Risks filter.
The search results page will display the threat you added manually.
You can click on the threat's name from the search results list to view it in the Element Details page.