FS-ISAC

Updated 2 months ago by Elvis Hovor

This document explains how to set up and use the FS-ISAC intel feed with TruSTAR Station.

FS-ISAC, or the Financial Services Information Sharing and Analysis Center, is the global financial industry's go to resource for cyber and physical threat intelligence analysis and sharing. FS-ISAC is unique in that it was created by and for members and operates as a member-owned non-profit entity.

  • Source Type: Premium Intel
  • Update Type: Feed-based
  • Update Frequency: 2 hours
  • Time to Install: 10 minutes

Data Types

The integration pulls the following indicators from FS-ISAC:

  • IP
  • CIDR BLOCK
  • URL (including DOMAIN)
  • MD5
  • SHA1 and SHA256
  • CVE
  • BITCOIN ADDRESSES
  • SOFTWARE
  • EMAIL ADDRESS
  • REGISTRY KEY 
  • MALWARE

Requirements

  • Membership in F-ISAC
  • F-ISAC API key, email and password
TruSTAR Admin rights are required to activate this premium intel feed.

Getting Started

  1. Log into TruSTAR Station.
  2. Click the Marketplace icon on the left side icon list.
  3. Click Premium Intel.
  4. Click Subscribe on the F-ISAC box.
  5. Click on F-ISAC logo and fill in your API key, email and password, then click Save Credentials & Request Subscription.

TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.

TruSTAR Report Mapping

Field 

Explanation

Example

Report Title

{indicator_type} {indicator_value} {message_subject}

IPv4 XX.XX.241.233 DoS攻撃について

External ID

Encoded value of sha256 of {Report Title}

encoded value of (XXXXXX)

Report Body

Full JSON response

Time Begiun

Created_at": posting date and time

Tags

Priority": priority (e.g. Priority: High)

Deeplink

Link to the F-ISAC report

Note: Tags longer than 32 characters will be ignored.

Client Type

PYTHON SDK

Client Meta Tag

stash_fs-isac

Known Issues

No reported issues.

Please reach out to support@trustar.co if you have issues with this integration.

How Did We Do?