REST API v2.0

Updated 4 months ago by TruSTAR

The TruSTAR REST API enables you to easily synchronize report information available in TruSTAR with the monitoring tools and analysis workflows you use in your infrastructure. All API access is over HTTPS, and all data is transmitted securely in JSON format.

Changes in Version 2.0

Version 2.0 introduces some changes from previous versions of the TruSTAR REST API:

  • Adds support for Intel Workflows
  • Introduces the term Submission to cover Intelligence Sources, Events, and Indicators. Some endpoints can be used for any Submission, while other endpoints are specific to one type of Submission, for example, Submission Event endpoints.
  • Replaces Reports with Intelligence
  • Replaces Whitelists with Safelists

API Coverage

The API provides endpoints for these functional areas of the TruSTAR platform:

| Function | Description |
|---|---|
| Authentication | Endpoints for Authentication (API Key and API Secret). |
| Common | Ping command. |
| Enclave | Gets a list of Enclaves that the user has permissions to access. |
| Safelist | Endpoints to create a new Safelist library, add or delete entries, and delete a Safelist library. Other endpoints support migrating the Company whitelist to a Safelist library, retrieving a Safelist library by its GUID, parsing terms from a chunk of text, and getting the list of summaries for the Safelist libraries for your organization. |
| Indicators | Endpoints to search for Indicators and update tags. |
| Observable | Endpoints to get observables in a submission, search for observables, and remove or add tags to an observable. |
| Submission | Endpoints for submissions (Intelligence Sources, Events, or Indicators) that you can use to get status, search, redact text, or alter tags. |
| Submission Event | Endpoints to create, update, upsert, find, or delete Events. |
| Submission Indicators | Endpoints to create, update, upsert, find, or delete Indicators. |
| Submission Intelligence | Endpoints to create, update, upsert, find, or delete Intelligence. |
| Workflow | Endpoints that support Intel Workflow functionality. |

