F-ISAC

Updated 1 month ago by TruSTAR

This document explains how to set up the F-ISAC premium intelligence source in the TruSTAR platform.

Financials Information Sharing and Analysis Center Japan (F-ISAC Japan) was established so that Japan’s financial institutions could share and analyze cyber security information and conduct cooperative activities to improve their safety and security. 

  • Source Type: Premium Intel
  • Update Type: Feed-based
  • Update Frequency: 15 minutes
  • Time to Install: 10 minutes

Observables Supported

  • IP
  • Domain
  • URL
  • MD5
  • SHA1 /SHA256

Requirements

  • Membership in F-ISAC
  • F-ISAC API key, email and password
TruSTAR Admin rights are required to activate this Premium Intelligence feed.

Getting Started

  1. Log into the TruSTAR Web App.
  2. Click the Marketplace icon on the left side icon list.
  3. Click Premium intel.
  4. Click Subscribe on the F-ISAC box.
  5. Click on F-ISAC logo and fill in your API key, email and password, then click Save Credentials & Request Subscription.

TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.

TruSTAR Report Mapping

The information retrieved from this intelligence source is stored in the F-ISAC Enclave using this format.

Field 

Explanation

Example

Report Title

{indicator_type} {indicator_value} {message_subject}

IPv4 XX.XX.241.233 DoS攻撃について

External ID

Encoded value of sha256 of <Report Title>

encoded value of <XXXXXX>

Report Body

Full JSON response

Time Begun

Created_at: posting date and time

Tags

Priority: value

Priority: High

Deeplink

Link to the F-ISAC report

Note: Tags longer than 32 characters will be ignored.

Client Type

PYTHON SDK

Client Meta Tag

stash_f-isac

Known Issues

No reported issues.

Please reach out to support@trustar.co if you have issues with this integration.


How Did We Do?