FS-ISAC
This document explains how to set up and use the FS-ISAC premium intelligence source with the TruSTAR Web App.
FS-ISAC, or the Financial Services Information Sharing and Analysis Center, is the global financial industry's go to resource for cyber and physical threat intelligence analysis and sharing. FS-ISAC is unique in that it was created by and for members and operates as a member-owned non-profit entity.
- Source Type: Premium Intel
- Update Type: Feed-based
- Update Frequency: 2 hours
- Time to Install: 10 minutes
Data Types
The integration pulls the following Observables from FS-ISAC:
- IP
- CIDR BLOCK
- URL (including DOMAIN)
- MD5
- SHA1 and SHA256
- CVE
- BITCOIN ADDRESSES
- SOFTWARE
- EMAIL ADDRESS
- REGISTRY KEY
- MALWARE
Requirements
- Membership in F-ISAC
- F-ISAC API key, email and password
Getting Started
- Log into the TruSTAR Web App.
- Click the Marketplace icon on the left side icon list.
- Click Premium Intel.
- Click Subscribe on the F-ISAC box.
- Click on F-ISAC logo and fill in your API key, email and password, then click Save Credentials & Request Subscription.
TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.
TruSTAR Report Mapping
Field | Explanation | Example |
Report Title | {indicator_type} {indicator_value} {message_subject} | IPv4 XX.XX.241.233 DoS攻撃について |
External ID | Encoded value of sha256 of {Report Title} | encoded value of (XXXXXX) |
Report Body | Full JSON response | |
Time Begiun | Created_at": posting date and time | |
Tags | Priority": priority (e.g. Priority: High) | |
Deeplink | Link to the F-ISAC report Note: Tags longer than 32 characters will be ignored. | |
Client Type | PYTHON SDK | |
Client Meta Tag | stash_fs-isac |
Known Issues
No reported issues.