Security FAQ

Updated 5 days ago by Elvis Hovor

What is TruSTAR’s Security Policy?

TruSTAR is SOC II compliant and authenticates through multi-factor authentication. We encrypt all communications in transit and at rest through SSL/TLS and VPN/SSH. Data at rest is encrypted using AES-256, and we operate through a dedicated single-tenant cloud provider hosted on AWS.

Is TruSTAR STIX-compliant?

Yes, TruSTAR is designed to work with STIX-formatted incident reports. We also ingest JSON, XML, CSV, email listservs, and other data formats for customers. Reach out to us at support@trustar.co if you have questions or feedback around data rendering.

What TruSTAR IP addresses should I whitelist in my proxy and firewall rules?

TruSTAR is a provider of a cloud-based service and does not have traditional servers, so the answer to “what IP(s) do we serve from” is not simple. The hostname “station.trustar.co” can point to either “station-live.trustar.co” or “station-down.trustar.co”. This is based on whether a Route53 health check reaches something returning an HTTP 200 code for station-live.trustar.co. The hostname “station-live.trustar.co” points to an Application Load Balancer, which dynamically associates IP addresses based on traffic load. This means the IP addresses are subject to change, automatically, as needed by the ALB. We recommend that users use hostname-based whitelisting to access our services. At any point in time, the correct IPs for “station.trustar.co” can be listed with a DNS lookup for the hostname.

Users can verify that these addresses have not changed by typing the command "host station.trustar.co" or "host api.trustar.co" at a Linux / Mac OS X terminal. These commands will show you all IP addresses that TruSTAR's URLs can resolve to.
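Where a proxy or firewall can only hold IP-based rules, the output of the "host" command can be compared against the current allowlist to catch addresses the load balancer has rotated in. The script below is an added example, not TruSTAR code; the function names, the sample output and the allowlist are assumptions constructed for illustration, using documentation-range addresses.

```shell
#!/bin/sh
# Added example (not TruSTAR code). The sample values are constructed and use
# RFC 5737 documentation addresses, not TruSTAR's real IPs.

SAMPLE_HOST_OUTPUT='station.trustar.co is an alias for station-live.trustar.co.
station-live.trustar.co has address 192.0.2.10
station-live.trustar.co has address 198.51.100.7'

# Hypothetical firewall allowlist exported from an IP-based rule set.
ALLOWLIST='192.0.2.10
192.0.2.11'

# Read `host` output on stdin; print each A/AAAA address once, sorted.
resolved_ips() {
    awk '/ has (IPv6 )?address / { print $NF }' | sort -u
}

# Read `host` output on stdin; print the first alias target without the trailing dot.
alias_target() {
    awk '/ is an alias for / { sub(/\.$/, "", $NF); print $NF; exit }'
}

# $1 = host output, $2 = newline-separated allowlist.
# Print every resolved address that the allowlist does not contain.
missing_from_allowlist() {
    printf '%s\n' "$1" | resolved_ips | while read -r ip; do
        printf '%s\n' "$2" | grep -qxF -e "$ip" || printf '%s\n' "$ip"
    done
}

# Demo on the constructed sample; for a live check pass "$(host station.trustar.co)".
echo "alias target: $(printf '%s\n' "$SAMPLE_HOST_OUTPUT" | alias_target)"
echo "not in allowlist: $(missing_from_allowlist "$SAMPLE_HOST_OUTPUT" "$ALLOWLIST")"
```

An alias target of station-down.trustar.co means the health check has failed over, so addresses seen in that state should not be treated as the normal serving set.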

What encryption versions does TruSTAR support?

The TruSTAR production environment's AWS ELB uses security policy "ELBSecurityPolicy-TLS-1-1-2017-01", which supports TLS 1.1 or greater.  TruSTAR will not accept requests to connect using either TLS 1.0 or SSL.  Users' proxies must be equipped to use TLS 1.1 or greater.  

What authentication methods does TruSTAR support for connecting to intelligence sources?

TruSTAR is SOC II Compliant.

Some examples of security parameters include: Internet-facing web services use strong TLS, encrypted admin connections, encrypted remote services, HTTPS everywhere, and encrypted office Wi-Fi. All of our feeds use an HTTPS-based authentication framework with different types of authentication schemes (e.g. Basic Authentication, OAuth 2.0, Digest and others). This also includes TAXII feeds like DHS AIS and FS-ISAC.

Data is encrypted in transit and at rest using industry best practices. Access is over HTTPS with SSL everywhere. TruSTAR is SOC II compliant.

