User Guide: TruSTAR for Demisto

Updated 1 month ago by Elvis Hovor

The TruSTAR App for Demisto includes commands that enable you to manipulate Intel Reports and Indicators in TruSTAR Enclaves.

Using Commands

You can execute TruSTAR commands in three ways:

  • From the Demisto CLI. If you are using the Demisto CLI, any arguments to the command are separated by spaces (not semi-colons or other characters).
  • As part of an automation
  • In a Demisto playbook

Command Outputs

After you successfully execute a command, a DBot message appears in the War Room with the command details.will be returned. This matches the view you would see in the TruSTAR Web App.

Command Details

To learn about commands in the TruSTAR App for Demisto, see these sections of the User Guide:

Supported Indicators

Demisto supports these Indicators:

  • Account.Email.Address
  • CVE.ID
  • Domain.Name
  • File.MD5
  • File.SHA1
  • File.SHA256
  • IP.Address
  • RegistryKey.Path
  • URL.Data


How Did We Do?