FS-ISAC

Updated 1 month ago by TruSTAR

This document explains how to set up the FS-ISAC premium intelligence source in the TruSTAR platform.

FS-ISAC, or the Financial Services Information Sharing and Analysis Center, is the global financial industry's resource for cyber and physical threat intelligence analysis and sharing. FS-ISAC is unique in that it was created by and for members and operates as a member-owned non-profit entity.

  • Source Type: Premium Intel
  • Update Type: Feed-based
  • Update Frequency: 2 hours
  • Time to Install: 10 minutes

Observables Supported

  • IP
  • CIDR BLOCK
  • URL (including DOMAIN)
  • MD5
  • SHA1 and SHA256
  • CVE
  • BITCOIN ADDRESSES
  • SOFTWARE
  • EMAIL ADDRESS
  • REGISTRY KEY 
  • MALWARE

Requirements

  • Membership in F-ISAC
  • F-ISAC API key, email and password
TruSTAR Admin rights are required to activate this Premium Intelligence feed.

Getting Started

  1. Log into the TruSTAR Web App.
  2. Click the Marketplace icon on the left side icon list.
  3. Click Premium Intel.
  4. Click Subscribe on the F-ISAC box.
  5. Click on F-ISAC logo and fill in your API key, email and password, then click Save Credentials & Request Subscription.

TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.

TruSTAR Report Mapping

The information retrieved from this intelligence source is stored in the FS-ISAC Enclave using this format.

Field 

Explanation

Report Title

{indicator_type} {indicator_value} {message_subject}

External ID

Encoded value of sha256 of {Report Title}

Report Body

Full JSON response

Time Begiun

Created_at": posting date and time

Tags

Priority": priority (e.g. Priority: High)

Deeplink

Link to the F-ISAC report

Note: Tags longer than 32 characters will be ignored.

Client Type

PYTHON SDK

Client Meta Tag

stash_fs-isac

Known Issues

No reported issues.

Please contact support@trustar.co if you have issues with this integration.


How Did We Do?