FAQ: TruSTAR for Resilient

Updated 2 months ago by Elvis Hovor

This document explains how to manually install the TruSTAR Workflow App for IBM Resilient, update the app, or uninstall it. The document also covers troubleshooting and known issues.

Manually Installing the TruSTAR App

Before manually installing the TruSTAR App, you need to perform these tasks explained in the Install for Resilient support document:

  • Check whether IBM Resilient Circuits is installed in your environment.
  • Creating or Updating the Resilient Circuits Configuration File
  • Editing the Configuration File
  • Configuring the Threat Service
  • Executing the keyring Command
  • Executing the customize Command
  • Running the integration framework.

Installing the TruSTAR App

To download the latest version of the TruSTAR App for IBM Resilient, use this link

  1. Navigate to the Admin tab in Resilient.
  2. Click Extension Management.
  3. Click Add and select the TruSTAR App bundle from the location you downloaded it to. 
  4. Click Install Immediately, then click OK to begin the installation. 

You now see the TruSTAR App settings on the IBM Resilient Admin page and GUI buttons for TruSTAR actions you can take.  

Updating the TruSTAR App 

  1. Navigate to the Admin Tab in Resilient.
  2. Click Extension Management.
  3. Click Add and select the TruSTAR App bundle application.
  4. Click Install Immediately.
  5. Click OK.

Uninstalling the TruSTAR App

To uninstall the TruSTAR App, follow these steps:

  1. Go to the Admin tab in IBM Resilient.
  2. Click Extension Management.
  3. Select the TruSTAR App for Resilient application.
  4. Click Uninstall.

Addressing SSL Proxy Issue

Confirm that the firewall's root cert has been added to the Python “certifi” library’s cacert.pem file on the TruSTAR Resilient integration’s host. Then use the TruSTAR Python SDK’s “ping” function to confirm that you can ping Station with SSL verification = True.
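
One way to run the certificate check described above (an added example, not TruSTAR's or IBM's code). It assumes the firewall's root certificate has been exported as a single PEM file; the function names are hypothetical.

```python
import hashlib
import re
import ssl
import sys

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL
)


def fingerprints(pem_text):
    """Return the SHA-256 fingerprint of every certificate in a PEM bundle."""
    return {
        hashlib.sha256(ssl.PEM_cert_to_DER_cert(block)).hexdigest()
        for block in PEM_BLOCK.findall(pem_text)
    }


def ensure_root_in_bundle(root_pem, bundle_path):
    """Append root_pem to the bundle unless it is already trusted there.

    Comparison is by fingerprint of the decoded certificate, so whitespace
    or line-wrapping differences do not cause a duplicate to be appended.
    Returns True if the bundle was modified, False if the cert was present.
    """
    wanted = fingerprints(root_pem)
    if len(wanted) != 1:
        raise ValueError("expected exactly one certificate in root_pem")
    with open(bundle_path, encoding="utf-8") as fh:
        present = fingerprints(fh.read())
    if wanted <= present:
        return False
    with open(bundle_path, "a", encoding="utf-8") as fh:
        fh.write("\n# Added: SSL-inspecting firewall root CA\n" + root_pem.strip() + "\n")
    return True


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python add_root.py <firewall-root.pem>")
    import certifi  # bundle that the host's Python HTTPS clients verify against

    with open(sys.argv[1], encoding="utf-8") as fh:
        changed = ensure_root_in_bundle(fh.read(), certifi.where())
    print(certifi.where(), "updated" if changed else "already contains the root")
```

Upgrading the certifi package replaces cacert.pem, so rerun the check after any upgrade on the integration host.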

Limitations

  • It takes 10-15 seconds to fetch data from TruSTAR and see it displayed within Resilient.
  • If you do not see data, you may need to refresh the Resilient page.
  • Some indicators for URL types are not accepted by Resilient, so the artifact type "URL String" is assigned to those indicators.

