5.2 Capabilities: Intelligence Workflows
An Intelligence Workflow is a no-code process for creating customized intelligence pipelines that automate data processing. Setting up one or more pipelines can deliver better data faster to support crucial security decisions.
Intelligence Workflows have three components:
- Sources: Intelligence Sources or Events
- Transformations: Priority scores, whitelists, filtered attributes
- Destinations: Locations such as vetted or shared Enclaves or third-party security tools
TruSTAR offers two types of workflows you can customize to your needs:
- Phishing Triage: Collects submitted emails and then prioritizes those email events using normalized scores and attributes of indicators from your Intelligence Sources. The workflow then (automatically or with a human in the loop) stores those Indicators and Events in a vetted Enclave for use by your security tools.
- Indicator Prioritization: Takes Indicators from the selected sources, prioritizes them using normalized scores and attributes, filters them by specific factors, and then sends the Indicators that remain either to an Enclave or to a third-party tool.