User Guide: TruSTAR for Demisto
The TruSTAR App for Demisto includes commands that enable you to manipulate Intelligence Reports and Indicators stored in TruSTAR Enclaves.
Using Commands
You can execute TruSTAR commands in three ways:
- From the Demisto command line interface (CLI). If you are using this method, keep in mind that any arguments to the command must be separated by spaces (not semi-colons or other characters).
- As part of an automation
- In a Demisto playbook
Command Outputs
After you successfully execute a command, a DBot message appears in the War Room with the command details. This matches the view you would see in the TruSTAR Web App.
Command Details
To learn about commands in the TruSTAR App for Demisto, click any of the links below.
- Report Commands
- Report Searches
- Indicator Retrieval
- Indicator Searches
- Phishing Triage Commands
- Whitelisting Commands
- Listing Enclaves
Supported Indicators
Demisto supports these Indicators:
- Account.Email.Address
- CVE.ID
- Domain.Name
- File.MD5
- File.SHA1
- File.SHA256
- IP.Address
- RegistryKey.Path
- URL.Data