F-ISAC

Updated 5 days ago by Elvis Hovor

This document explains how to set up and use the F-ISAC intel feed with TruSTAR Station.

  • Time to Install: 10 minutes
  • Feed Type: Closed (requires F-ISAC membership)
  • Update Mechanism: Feed-based
  • Update Frequency: 15 minutes
  • API Timeout: 30 seconds

Financials Information Sharing and Analysis Center Japan (F-ISAC Japan) was established so that Japan’s financial institutions can share and analyze cyber security information and conduct cooperative activities to improve their safety and security.

Requirements

  • Membership in F-ISAC
  • F-ISAC API key, email and password

TruSTAR Admin rights are required to activate this closed source feed.

Getting Started

  1. Log into TruSTAR Station.
  2. Click the Marketplace icon on the left side icon list.
  3. Click Closed Sources.
  4. Click Subscribe on the F-ISAC box.
  5. Click on the F-ISAC logo and fill in your API key, email and password, then click Save Credentials & Request Subscription.

TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.

TruSTAR Report Mapping

| Field | Explanation | Example |
|---|---|---|
| Report Title | {indicator_type} {indicator_value} {message_subject} | IPv4 38.21.241.233 DoS攻撃について |
| External ID | Encoded value of sha256 of {Report Title} | encoded value of (752112) |
| Report Body | Full JSON response | |
| Time Began | "created_at": posting date and time | |
| Tags | "priority": priority (e.g. Priority: High) | |
| Deeplink | Link to the F-ISAC report | |

Note: Tags longer than 32 characters will be ignored.

Client Type

PYTHON_SDK

Client Meta Tag

stash_f-isac

FAQ

Q. What data is pulled from F-ISAC?

A. The integration pulls reports from F-ISAC that contain the cyber IOCs listed below:

  • IP
  • Domain
  • URL
  • MD5
  • SHA1 / SHA256

Contact TruSTAR to discuss additional indicators that can be queried from F-ISAC.

Known Issues

No reported issues.

Please reach out to support@trustar.co if you have issues with this integration.

Technical Details

Workflow:

  • Each Indicator block in the response will be submitted to TruSTAR as a new report
  • LIST INDICATORS
    Sample Query: GET https://localhost:7001/api/v1/indicators.json?q[predicate]=range&q[attribute]=indicator_updated_at&q[start]=2019/02/13 17:00&q[end]=2019/02/13 18:00

Response:

    {
      "indicators": [
        {
          "indicator_id": 5118,
          "indicator_category": "NOTICE",
          "indicator_type": "URL",
          "indicator_value": "",
          "indicator_description": "",
          "indicator_date": "2019/02/13",
          "indicator_time": "01:02:36",
          "indicator_reliability": 99,
          "indicator_validate_result": "NG",
          "indicator_created_at": "2019/02/13 17:10",
          "indicator_updated_at": "2019/02/13 17:10",
          "group": {
            "group_id": 1,
            "group_name": ""
          },
          "feed": {
            "feed_id": 11,
            "feed_name": "\"
          },
          "thread": {
            "thread_id": 7116,
            "thread_title": "[金融\"
          },
          "message": {
            "message_id": ,
            "subject": "[金融ISAC]インディケー 2019/02/13",
            "message_category": "INFO",
            "body": "不審な
            "expires": null,
            "created_at": "2019/02/13 17:10",
            "updated_at": "2019/02/13 17:10",
            "author_name": "API 金融ISAC",
            "belongs_to": "金融ISAC",
            "tlp": "AMBER",
            "priority": "INFORMATION"
          }
        }
      ]
    }
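The report mapping and the one-report-per-indicator workflow described above, sketched as an added Python example (not TruSTAR's or F-ISAC's own code). It assumes the External ID is the hex SHA-256 of the title, that the tag text follows the "Priority: High" example, and that the report body is the indicator block's JSON; `to_report`, `to_reports` and the sample data are hypothetical names and constructed values.

```python
import hashlib
import json
from datetime import datetime

MAX_TAG_LEN = 32  # per the page: tags longer than 32 characters are ignored

# Constructed sample: field names follow the page's response, values are made up.
SAMPLE = {
    "indicators": [
        {"indicator_id": 1, "indicator_type": "IPv4", "indicator_value": "192.0.2.10",
         "message": {"subject": "Constructed DoS notice", "priority": "High",
                     "created_at": "2019/02/13 17:10"}},
        {"indicator_id": 2, "indicator_type": "URL", "indicator_value": "http://example.test/a",
         "message": {"subject": "Constructed phishing notice",
                     "priority": "constructed-overlong-priority-value",
                     "created_at": "2019/02/13 17:25"}},
    ]
}


def to_report(indicator):
    """Map one F-ISAC indicator block to report fields per the mapping table."""
    msg = indicator.get("message") or {}
    title = " ".join([indicator["indicator_type"], indicator["indicator_value"],
                      msg.get("subject", "")]).strip()
    # Assumption: "encoded value" is the hex digest of the UTF-8 title.
    # Identical titles therefore collapse to the same external ID.
    external_id = hashlib.sha256(title.encode("utf-8")).hexdigest()
    # Assumption: the tag text follows the page's "Priority: High" example.
    tags = ["Priority: {}".format(msg["priority"])] if msg.get("priority") else []
    tags = [t for t in tags if len(t) <= MAX_TAG_LEN]
    # The page gives no time zone for created_at, so the value stays naive.
    created = msg.get("created_at")
    began = datetime.strptime(created, "%Y/%m/%d %H:%M").isoformat() if created else None
    return {
        "title": title,
        "external_id": external_id,
        # Assumption: the body is this indicator block's JSON.
        "body": json.dumps(indicator, ensure_ascii=False, indent=2),
        "time_began": began,
        "tags": tags,
    }


def to_reports(response):
    """One report per indicator block, as the workflow section describes."""
    return [to_report(ind) for ind in response.get("indicators", [])]
```

The second constructed indicator produces a report with no tags, because its priority tag exceeds the 32-character limit noted in the mapping section.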

