Getting Started

Updated 16 hours ago by Elvis Hovor

The TruSTAR App for Demisto includes commands that enable you to manipulate Intel Reports and Indicators in TruSTAR Enclaves.

Options for Using Commands

You can execute TruSTAR commands in three ways:

If you are using the Demisto CLI, any arguments to the command are separated by spaces (not semi-colons or other characters).

Command Outputs

After you successfully execute a command, a DBot message appears in the War Room with the command details.will be returned. This matches the view you would see in the TruSTAR Web App.

Command Details

To learn more about using commands in the TruSTAR App for Demisto, use either the left menu or the top menu in this Knowledgebase see these sections of the User Guide:

  • Report Commands
  • Indicator Commands

Supported Indicators

The TruSTAR/Demisto integration supports these Indicators:

  • Account.Email.Address
  • CVE.ID
  • Domain.Name
  • File.MD5
  • File.SHA1
  • File.SHA256
  • IP.Address
  • RegistryKey.Path
  • URL.Data


How Did We Do?