Top Articles
RiskIQ PassiveTotal | Crowdstrike Falcon Reports | Overview: Intelligence Sources
TruSTAR Platform Overview
1. Introducing TruSTAR
2. Product Architecture
3. Data Management
4. Data Processing
4.1 Data Processing: Collect
4.2 Data Processing: Prepare
4.3 Data Processing: Prioritize
4.4 Data Processing: Connect
5. Capabilities
5.1 Capabilities: Governance
5.2 Capabilities: Intel Workflows
5.3 Capabilities: Search
5.4 Capabilities: Scoring
5.5 Capabilities: Analytics
6. Interfaces
6.1 Interfaces: REST API
6.2 Interfaces: Integrations
6.3 Interfaces: Web App
7. Use Cases
7.1 Use Cases: Detect
7.2 Use Cases: Triage
7.3 Use Cases: Investigate
7.4 Use Cases: Disseminate
TruSTAR Ontology
Apps
Splunk Enterprise Security
User Guide: TruSTAR Unified
1. Overview
2. Download Observables to Splunk
3. Auto Submit + Enrich + Re-enrich NEs (ES)
4. Manually Submit an NE to Enclave (ES)
5. Manually Enrich a Notable Event (ES)
6. Research Observable in TruSTAR.
7. Useful SPL Searches
8. Troubleshooting
FAQ (TS Unif)
Install (TS Unif)
ServiceNow V2 (discontinued)
Install: TruSTAR for ServiceNow V2
User Guide: TruSTAR for ServiceNow V2
Splunk SOAR
TruSTAR Extension for Chrome
Intelligence Sources
Digital Risk/ATO
Cyjax
Digital Shadows
RiskIQ Blacklist
RiskIQ PassiveTotal
Shape Blackfish
SpyCloud
Endpoint
Cisco AMP Threat Grid Indicator Query
Crowdstrike Falcon Detection
Crowdstrike Falcon Intelligence
Crowdstrike Falcon Reports
Threat Intelligence
AbuseIPDB
Alienvault OTX
Alienvault OTX Pulse
Bambenek C2 Domain Feed
Bambenek C2 IP Feed
Bambenek DGA Feed
Cofense Intelligence
Dragos WorldView
Facebook Threat Exchange
Farsight Security
Flashpoint
Hybrid Analysis
IBM X-Force
IBM X-Force Threat Intelligence
Intel 471 Adversary Intelligence
Intel 471 Alerts
Intel 471 Malware Intelligence
Mandiant Threat Intelligence
NetLab 360 DGA Feeds
Recorded Future Hash Intelligence
Recorded Future IP Intelligence
Recorded Future URL Intelligence
Recorded Future Vulnerability Intelligence
Shodan
Symantec Threat Intelligence
VirusTotal
urlscan
Trusted Community
A-ISAC
COVID-19 OSINT Community Enclave
F-ISAC
FS-ISAC
NCFTA CyFin
NCFTA TNT
Other
Custom TAXII Client A, B, C
Cybersource
MISP
Malware Sandboxes
Cisco AMP Threat Grid Analysis
Joe Sandbox
How Intelligence Sources are Updated
Intelligence Sources FAQ
Open Source Intelligence Tech Specs
Overview: Intelligence Sources
Developer Portal
REST API v2.0
TruSTAR Web App
UI Walkthrough
1. Start Here
2. Main Window
3. Filter and Refine Panel
4. Intelligence Reports
5. Indicators
6. Marketplace
7. TruSTAR Community Chat
8. User Settings
Reports
Copying a Report
Deleting a Report
Emailing a Report
Exporting Report Data
Moving a Report
Overview: Intelligence Reports
Redacting Data from a Report
Reports Graph View
Reports List View
Reports Panel
Submitting a Report
Tagging a Report
Updating a Report
Indicators
Exporting Indicators
IOC List View
Observable Graph View
Overview: Indicators
Tagging Indicators
Threat Actors
Uploading Indicators
Whitelisting Indicators
Phishing Triage
Overview: Phishing Triage
Phishing Triage API
Phishing Triage Python SDK
Phishing Workflow in the TruSTAR Web App
Using Phishing Triage with Detection Tools
Using Phishing Triage with Orchestration Tools
Using Phishing Triage with a TAXII Client
User Settings
Determining Your TruSTAR Role / Permissions
Editing Your Profile
Notifications
User Settings Overview
Admin Features
Single Sign-On (SSO)
Okta (SSO)
Ping Identity (SSO)
Salesforce (SSO)
Enclave Inbox
Automating Forwarding to an Enclave Inbox
Setting up an Enclave Inbox with Proofpoint
Managing Users
Managing the Company Whitelist
Managing the Redaction Library
Setting Up Multi-Factor Authentication (MFA)
Setting up a Service Account
Indicator Prioritization Intel Workflow
Creating an Indicator Prioritization Intel Workflow
Deleting an Intel Workflow
Editing an Intel Workflow
FAQ: Intel Workflows
Overview: Indicator Prioritization Intel Workflow
Viewing a Data Set in Postman
Viewing an Intel Workflow
Working with Safelist Libraries
Other Features
MITRE ATT&CK Framework
Navigation Bar
Searching
Using Notes
Using the Filter and Refine Panel
Overview: TruSTAR Web App
Technology
TruSTAR Scoring
Normalized Indicator Scores
Priority Event Scores
Priority Indicator Scores
Auto-Whitelist
Enclaves
Redaction Library
TAXII Applications
Anomali ThreatStream
LogRhythm
Palo Alto MineMeld
TAXII FAQ
TruSTAR TAXII Server
Using other tools' TAXII clients with TruSTAR TAXII Server
FAQs
TruSTAR Policies
API Usage Policy
Privacy Policy
Contacting Support
Finding Your API Keys
Finding a Report ID
Finding an Enclave Email Handle
Finding an Enclave ID
Login FAQ
Observable Collection FAQ
Observables Supported by TruSTAR
Security FAQ
Splunk + TruSTAR Acquisition
TruSTAR Glossary
TruSTAR Videos
Uploading Observables FAQ
Start here to learn about the power of the TruSTAR platform
24 articles by 1 author
Integrate TruSTAR into your security toolkit with its app integrations.
14 articles by 2 authors
Explore the many Intelligence Sources available through the TruSTAR platform
52 articles by 3 authors
Build custom applications with the TruSTAR REST API and Python SDK
1 article by 1 author
Learn how to use the TruSTAR web-based GUI tool
65 articles by 2 authors
Explore the technology that drives the TruSTAR platform
6 articles by 1 author
Look here for answers to your questions about the TruSTAR platform
15 articles by 2 authors