Fetch Indicator Information

Updated 1 week ago by Elvis Hovor

Description

In the TruSTAR App for Demisto, this command provides structured summaries about Indicators, which are derived from external intelligence sources available on the TruSTAR Marketplace.

Format

trustar-indicator-summaries

Example

!trustar-indicator-summaries values=LOCKY,23.121.54.102

Inputs

| Argument | Description | Required |
|---|---|---|
| values | Comma-separated Indicator values. (See Supported Indicators.) | Yes |
| enclave_ids | The Enclaves where you want to search for indicators. These should be Enclaves containing data from sources on the TruSTAR Marketplace. (See Finding Enclave IDs.) | No |
| limit | Limit of results to return. Max value possible is 1000. Default value is 25. | No |

Outputs

| Path | Type | Description |
|---|---|---|
| TruSTAR.IndicatorSummaries.severityLevel | string | Indicator severity level |
| TruSTAR.IndicatorSummaries.reportId | string | Indicator report ID |
| TruSTAR.IndicatorSummaries.value | string | Indicator value |
| TruSTAR.IndicatorSummaries.score.name | string | Indicator score name |
| TruSTAR.IndicatorSummaries.score.value | string | Indicator score value |
| TruSTAR.IndicatorSummaries.attributes | string | Indicator attributes |
| TruSTAR.IndicatorSummaries.enclaveId | string | Indicator enclave ID |
| TruSTAR.IndicatorSummaries.type | string | Indicator type |
| TruSTAR.IndicatorSummaries.source.key | string | Indicator source key |
| TruSTAR.IndicatorSummaries.source.name | string | Indicator source name |
| TruSTAR.IndicatorSummaries.updated | string | Indicator last update value |
| File.Name | string | The full file name |
| <indicator> | String | Supported Indicators |
| DBotScore.Indicator | string | The indicator we tested |
| DBotScore.Type | string | The type of the indicator |
| DBotScore.Vendor | string | Vendor used to calculate the score |
| DBotScore.Score | number | The actual score |
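
The following is an added example, not code from TruSTAR or Demisto: a small Python helper that checks arguments against the Inputs table before building the command line, and collects values from a result by the dotted output paths listed above. The names `build_command`, `get_path` and `SAMPLE_CONTEXT` are hypothetical, the sample result is constructed, and the comma-separated form of `enclave_ids` and the lower bound on `limit` are assumptions.

```python
COMMAND = "trustar-indicator-summaries"
DEFAULT_LIMIT, MAX_LIMIT = 25, 1000  # default and maximum from the Inputs table

# Constructed sample result, shaped after the documented output paths.
SAMPLE_CONTEXT = {
    "TruSTAR": {"IndicatorSummaries": [
        {"value": "23.121.54.102", "type": "IP", "severityLevel": "3",
         "score": {"name": "example-score", "value": "HIGH"}},
        {"value": "LOCKY", "type": "MALWARE", "severityLevel": "2"},
    ]},
    "DBotScore": [{"Indicator": "23.121.54.102", "Type": "ip",
                   "Vendor": "TruSTAR", "Score": 3}],
}


def build_command(values, enclave_ids=None, limit=DEFAULT_LIMIT):
    """Validate arguments against the Inputs table and return the command line."""
    cleaned = [v.strip() for v in values if v and v.strip()]
    if not cleaned:
        raise ValueError("values is required")
    if any("," in v for v in cleaned):
        raise ValueError("a value containing ',' would be split into two indicators")
    # Assumption: the smallest useful limit is 1; the page only states the maximum.
    if isinstance(limit, bool) or not isinstance(limit, int) or not 1 <= limit <= MAX_LIMIT:
        raise ValueError(f"limit must be an integer between 1 and {MAX_LIMIT}")
    parts = [f"!{COMMAND}", "values=" + ",".join(dict.fromkeys(cleaned))]
    if enclave_ids:
        # Assumption: several Enclave IDs are passed comma-separated, like values.
        parts.append("enclave_ids=" + ",".join(enclave_ids))
    if limit != DEFAULT_LIMIT:
        parts.append(f"limit={limit}")
    return " ".join(parts)


def get_path(node, path):
    """Collect every value found at a dotted output path, fanning out over lists."""
    nodes = [node]
    for key in path.split("."):
        step = []
        for n in nodes:
            for item in (n if isinstance(n, list) else [n]):
                if isinstance(item, dict) and key in item:
                    step.append(item[key])
        nodes = step
    return [x for n in nodes for x in (n if isinstance(n, list) else [n])]


if __name__ == "__main__":
    print(build_command(["LOCKY", "23.121.54.102"]))
```

Entries that lack a field are skipped by `get_path`, so a path such as `TruSTAR.IndicatorSummaries.score.value` can return fewer items than there are summaries.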

