How To Read TruSTAR's Graph Visualization
EDITORIAL NOTE: All info previously in this document has been moved to Reports Constellation View and/or IOCs Constellation view. This document has been archived as of April 2020.
Data submitted to TruSTAR is converted into a graph data model users can easily manipulate and explore (see image below). We call TruSTAR graphs “Constellations.” All of our data can be categorized into two node types : Report and IoC.
- A Report node represents information collected from a number of different sources, including user-reported incidents, and paid/open source threat data feeds. Report nodes are represented with the blue TruSTAR icon.
- An IoC node represents all indicators extracted from a specific Report. IoC nodes are represented with smaller icons specific to the data source.
- A Tag node represents tags applied to a report or IoC and is visually depicted on the graph. Reports branching off the tag share the same tag, have a correlating IoC(s), and are present in the same timeline.