How To Read TruSTAR's Graph Visualization

Updated 2 months ago by Shimon Modi

EDITORIAL NOTE: All info previously in this document has been moved to Reports Constellation View and/or IOCs Constellation view. This document has been archived as of April 2020.

Data submitted to TruSTAR is converted into a graph data model that users can easily manipulate and explore (see image below). We call TruSTAR graphs “Constellations.” All of our data can be categorized into two node types: Report and IoC.

  • A Report node represents information collected from a number of different sources, including user-reported incidents and paid/open source threat data feeds. Report nodes are represented with the blue TruSTAR icon.
  • An IoC node represents all indicators extracted from a specific Report. IoC nodes are represented with smaller icons specific to the data source.
  • A Tag node represents tags applied to a report or IoC and is visually depicted on the graph. Reports branching off the tag share the same tag, have correlating IoC(s), and are present in the same timeline.
