5.2 Capabilities: Intelligence Workflows

Updated 2 weeks ago by TruSTAR

An Intelligence Workflow is a no-code process for creating customized intelligence pipelines that automate data processing. Setting up one or more pipelines can deliver better data faster to support crucial security decisions.

This feature will be available in Q1 2021.

Components

Intelligence Workflows have three components:

  • Sources: Intelligence Sources or Events
  • Transformations: Priority scores, whitelists, filtered attributes
  • Destinations: Locations such as vetted or shared Enclaves or third-party security tools 

Types

TruSTAR offers two types of workflows you can customize to your needs: 

  • Phishing Triage: Collects submitted emails and then prioritizes those email events using normalized scores and attributes of indicators from your Intelligence Sources. The workflow then (automatically or with a human in the loop) stores those Indicators and Events in a vetted Enclave for use by your security tools.
  • Indicator Prioritization: Takes Indicators from the selected sources, prioritizes them using normalized scores and attributes, filters them by specific factors, and then sends the remaining Indicators either to an Enclave or to a third-party tool.

