User Guide: TruSTAR for Demisto

Updated 5 months ago by TruSTAR

The TruSTAR App for Demisto includes commands that enable you to manipulate Intelligence Reports and Indicators stored in TruSTAR Enclaves.

Using Commands

You can execute TruSTAR commands in three ways:

  • From the Demisto command line interface (CLI). If you are using this method, keep in mind that any arguments to the command must be separated by spaces (not semi-colons or other characters).
  • As part of an automation
  • In a Demisto playbook

Command Outputs

After you successfully execute a command, a DBot message appears in the War Room with the command details.will be returned. This matches the view you would see in the TruSTAR Web App.

Command Details

To learn about commands in the TruSTAR App for Demisto, click any of the links below.

Supported Indicators

Demisto supports these Indicators:

  • Account.Email.Address
  • CVE.ID
  • Domain.Name
  • File.MD5
  • File.SHA1
  • File.SHA256
  • IP.Address
  • RegistryKey.Path
  • URL.Data


How Did We Do?