User Guide: TruSTAR for Demisto
The TruSTAR App for Demisto includes commands that enable you to manipulate Intel Reports and Indicators in TruSTAR Enclaves.
Using Commands
You can execute TruSTAR commands in three ways:
- From the Demisto CLI. If you are using the Demisto CLI, any arguments to the command are separated by spaces (not semi-colons or other characters).
- As part of an automation
- In a Demisto playbook
Command Outputs
After you successfully execute a command, a DBot message appears in the War Room with the command details.will be returned. This matches the view you would see in the TruSTAR Web App.
Command Details
To learn about commands in the TruSTAR App for Demisto, see these sections of the User Guide:
- Report Commands
- Report Searches
- Indicator Retrieval
- Indicator Searches
- Phishing Triage Commands
- Whitelisting Commands
- Listing Enclaves
Supported Indicators
Demisto supports these Indicators:
- Account.Email.Address
- CVE.ID
- Domain.Name
- File.MD5
- File.SHA1
- File.SHA256
- IP.Address
- RegistryKey.Path
- URL.Data