Quick Tutorial

This quick tutorial will show you the 3 steps to start extracting indicators out of documents and get you started using CTIE in less than 2 minutes.

Step 1: Select Sources and Indicators

Step 1(a): Select the Documents

To collect indicators, you must tell the application where to get them. You can select both local files or documents hosted on remote web sites. CTIE supports the most common file formats for reports such as Microsoft Office® documents or Portable Document Format (PDF) files. You can also include hyperlinks. Use the Add File(s), Add Folder or Add Link(s) buttons (1) on the main window to select files to extract indicators from.

Step 1 (b): Select the Indicators

Once you have selected where you want CTIE to look, you will need to tell the program what to look for or in other words, what indicators are you looking for. This is done by selecting the various indicator categories in the Indicators (2) section of the main window.

_images/Tachikoma-Source-And-Indicators-Selection.png

Import one or multiple sources (1). These sources will be displayed in the Sources (2) section and click Next (3) to start the extraction proces.

At this point, you’re all set! Click Next (3) to start the extraction process. Depending on the quantity of documents to analyze, this may take a while. Proceed to step 2 to review the results.

Step 2: Review the Results

It’s very difficult to catch the exact indicators from such a wide variety of reports and file formats that currently exists. As such, CTIE may return a number of irrelevant results, such as benign web addresses or local Internet Protocol (IP) addresses. While you can configure CTIE to better filter out these, you should always review the results to make sure they fit your needs and the results does not include benign indicators. After the extraction process is completed, the program will display all the indicators it found and display them in a table.

_images/Tachikoma-Review-And-Select-Indicator.png

Unselect the undesired indicators (1) and click Next (2) to export them into a file.

Simply unselect the indicators you do not wish to export by unchecking boxes (1). At any time, you can click “Previous” to modify the sources or indicators. Once you’re satisfied with the results, click Next (2) to proceed to the last step.

Step 3: Export to a File

Once you click Next (2), you will be prompted to choose a location where to export the results and a file format. In the Export As dialog perform this steps:

  1. Select a location on your computer (1);
  2. Select a filename (2);
  3. Select a file format (3); and
  4. Click OK and you’re done!
_images/Tachikoma-Export-Dialog.png

Select a location (1) and filename (2), select a file format (3) and click **OK to export the indicators into a file.

After clicking on Save, CTIE will create the file at the You can then review the output file by selecting Open File and/or start the extraction process again by clicking Finish.

_images/Tachikoma-Conclusion-Panel.png

Once the indicators has been saved, you can review the file or restart the process.