Security FAQ

Updated 2 months ago by Elvis Hovor

Is TruSTAR STIX-compliant?

Yes, TruSTAR is designed to work with STIX-formatted incident reports. We also ingest JSON, XML, CSV, email listservs, and other data formats for customers. Reach out to us at support@trustar.co if you have questions or feedback around data rendering.

What TruSTAR IP addresses should I whitelist in my proxy and firewall rules?

TruSTAR is a cloud-based service, so we recommend that you use hostname-based whitelisting when accessing our services. The standard hostname to whitelist is station.trustar.co.

Why can't I use IP-based whitelisting?

The station.trustar.co hostname can point to either of two related hostnames:

  • station-live.trustar.co points to an Application Load Balancer (ALB), which dynamically associates IP addresses based on traffic load. This means the IP addresses are subject to change, automatically, as needed by the ALB.
  • station-down.trustar.co is only used when TruSTAR is down, such as during maintenance.

At any point in time, you can use a DNS lookup for station.trustar.co to list the current IP addresses in use. You can verify that these addresses have not changed by typing the command host station.trustar.co or host api.trustar.co in a Linux or Mac terminal window. These commands display all IP addresses that TruSTAR's hostnames can resolve to.
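The address churn described above can be checked by comparing two captures of host output. This is an added example, not TruSTAR's own tooling; the function names, the sample output, and the baseline.txt file are assumptions made for illustration, and the sample addresses are constructed documentation addresses.

```shell
#!/bin/sh
# Added example: show why a firewall rule pinned to resolved IPs goes stale.
# The `host` output below is constructed (RFC 5737 documentation addresses).

SAMPLE_BEFORE='station.trustar.co is an alias for station-live.trustar.co.
station-live.trustar.co has address 192.0.2.10
station-live.trustar.co has address 192.0.2.20'

SAMPLE_AFTER='station.trustar.co is an alias for station-live.trustar.co.
station-live.trustar.co has address 192.0.2.20
station-live.trustar.co has address 192.0.2.30'

# Read `host` output on stdin; print unique A/AAAA addresses, one per line.
extract_addrs() {
    awk '/ has address / || / has IPv6 address / { print $NF }' | LC_ALL=C sort -u
}

# addr_drift OLD_OUTPUT NEW_OUTPUT
# Prints "+addr" for addresses only in the new lookup and "-addr" for ones
# only in the old lookup. Returns 0 if the sets match, 1 if they differ.
addr_drift() {
    _old=$(printf '%s\n' "$1" | extract_addrs)
    _new=$(printf '%s\n' "$2" | extract_addrs)
    _delta=$(
        {
            printf '%s\n' "$_old" | sed 's/^/old /'
            printf '%s\n' "$_new" | sed 's/^/new /'
        } | awk '
            NF == 2 && $1 == "old" { o[$2] = 1 }
            NF == 2 && $1 == "new" { n[$2] = 1 }
            END {
                for (a in n) if (!(a in o)) print "+" a
                for (a in o) if (!(a in n)) print "-" a
            }' | LC_ALL=C sort
    )
    [ -z "$_delta" ] && return 0
    printf '%s\n' "$_delta"
    return 1
}

# Demo on the constructed captures. Against live DNS you would pass a saved
# baseline and a fresh lookup:
#   addr_drift "$(cat baseline.txt)" "$(host station.trustar.co)"
addr_drift "$SAMPLE_BEFORE" "$SAMPLE_AFTER" || echo "resolved addresses changed"
```

A non-zero return means an IP-based rule built from the earlier lookup no longer matches what the hostname resolves to, which is the case hostname-based whitelisting avoids.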

What encryption versions does TruSTAR support?

The TruSTAR production environment's AWS ELB uses security policy "ELBSecurityPolicy-TLS-1-1-2017-01", which supports TLS 1.1 or greater. Any proxy servers you use must be equipped to handle TLS 1.1 or higher.

TruSTAR will not accept requests to connect using either TLS 1.0 or SSL. 

What authentication methods does TruSTAR support?

When connecting to third-party intelligence sources, TruSTAR is SOC II Compliant.

Some examples of security parameters include Internet-facing web services using strong TLS, encrypted admin connections, encrypted remote services, HTTPS everywhere, and encrypted office Wi-Fi. All of our feeds use an HTTPS-based authentication framework with different types of authentication schemes (e.g., Basic Authentication, OAuth 2.0, Digest, and others). This also includes TAXII feeds like DHS AIS and FS-ISAC.

What security mechanisms protect the connection to and transmission of data?

Data is encrypted in transit and at rest using industry best practices. TruSTAR is accessed over HTTPS, with SSL everywhere. TruSTAR is SOC II compliant.

