REST API v2.0
The TruSTAR REST API enables you to easily synchronize report information available in TruSTAR with the monitoring tools and analysis workflows you use in your infrastructure. All API access is over HTTPS, and all data is transmitted securely in JSON format.
Changes in Version 2.0
Version 2.0 introduces some changes from previous versions of the TruSTAR REST API:
- Support for Intel Workflows
- Introduces the term Submission to cover Intelligence Sources, Events, and Indicators. Some endpoints can be used for any Submission, while other endpoints are specific to one type of Submission, for example, Submission Event endpoints.
- Replaces Reports with Intelligence
- Replaces Whitelists with Safelists
- API Usage Policy
- API documentation
- The TruSTAR Python SDK can be used to interact with the TruSTAR REST API from within any Python program.
The API provides endpoints for these functional areas of the TruSTAR platform:
- Endpoints for Authentication (API Key and API Secret).
- Gets a list of Enclaves that the user has permissions to access.
- Endpoints to create a new Safelist library, add or delete entries, and delete a Safelist library. Other endpoints support migrating the Company whitelist to a Safelist library, retrieving a Safelist library by its GUID, parsing terms from a chunk of text, and getting the list of summaries for the Safelist libraries for your organization.
- Endpoints to search for Indicators and update tags.
- Endpoints to get observables in a submission, search for observables, and remove or add tags to an observable.
- Endpoints for submissions (Intelligence Sources, Events, or Indicators) that you can use to get status, search, redact text, or alter tags.
- Endpoints to create, update, upsert, find, or delete Events.
- Endpoints to create, update, upsert, find, or delete Indicators.
- Endpoints to create, update, upsert, find, or delete Intelligence.
- Endpoints that support Intel Workflow functionality.