Security FAQ

Updated 7 months ago by TruSTAR

Is TruSTAR STIX-compliant?

Yes, the TruSTAR platform is designed to work with STIX-formatted incident reports. We also ingest JSON, XML, CSV, email listservs, and other data formats for customers. Reach out to us at if you have questions about data rendering.

What TruSTAR IP addresses should I add to my proxy and firewall rules?

TruSTAR is a cloud-based service, so we recommend that you use hostname-based listing when accessing our services. The standard host name to add to your allow list or safe list is

The hostname can point to either of two related hostnames:

  • points to an Application Load Balancer (ALB), which dynamically associates IP addresses based on traffic load. This means the IP addresses are subject to change, automatically, as needed by the ALB.
  • is only used when TruSTAR is down, such as during maintenance.

At any point in time, you can use a DNS lookup for to list the current IP addresses in use. You can verify that these addresses have not changed by typing the command host or host in a Linux or Mac terminal window.  These commands will display all IP addresses that TruSTAR's URLs can resolve to.

What encryption versions does TruSTAR support?

The TruSTAR production environment's AWS ELB uses security policy "ELBSecurityPolicy-TLS-1-2-2017-01", which supports TLS 1.2.  The last proxy / firewall / gateway appliance in the communication chain between your host that's calling TruSTAR and TruSTAR's ELB must encrypt the communication with TLS 1.2.

TruSTAR will not accept requests to connect using either TLS 1.0 or SSL. 

What authentication methods does TruSTAR support?

When connecting to third-party intelligence sources, TruSTAR is SOC II Compliant.

Some example of security parameters include Internet-facing Web Services Use Strong TLS, Encrypted Admin Connections, Encrypted Remote Services, HTTPS everywhere, Encrypted Office Wifi. All of our feeds use an HTTPS-based authentication framework with different types of authentication schemes. (e,g. Basic Authentication, OAuth 2.0, Digest and others). This also includes TAXII feeds likes DHS AIS and FS-ISAC.

What security mechanisms protect the connection to and transmission of data?

Data is encrypted in transit and at rest using industry best practices. TruSTAR uses HTTPS to access with SSL everywhere. TruSTAR is SOC II compliant.

How Did We Do?