Whitelisting with Demisto

Updated 1 month ago by Elvis Hovor

The TruSTAR Workflow App for Demisto supports these actions for managing your organization's whitelist in TruSTAR:

  • Add Indicators to Whitelist
  • Get Whitelisted Indicators
  • Remove Indicators from Whitelist

Add to Whitelist

This command adds a list of Indicators to the whitelist for your organization.

Format

trustar-add-to-whitelist

Example

!trustar-add-to-whitelist indicators=8.8.8.1

Inputs

| Argument | Description | Required |
|---|---|---|
| indicators | List of indicators to whitelist, e.g. evil.com,101.43.52.224 | Yes |

Outputs

None

Get Whitelisted Indicators

This command returns the list of Indicators on your organization's whitelist.

Format

trustar-get-whitelisted-indicators

Example

!trustar-get-whitelisted-indicators limit=250

Inputs

| Argument | Description | Required |
|---|---|---|
| limit | Limit of results to return. Max value possible is 1000. Default is 25. | Optional |

Outputs

| Path | Type | Description |
|---|---|---|
| TruSTAR.WhitelistedIndicators.indicatorType | string | File MD5 |
| TruSTAR.WhitelistedIndicators.value | string | File SHA1 |
| File.Name | string | The full file name |
| <indicator> | string | Supported indicators |
| DBotScore.Indicator | string | The indicator we tested |
| DBotScore.Type | string | The type of the indicator |
| DBotScore.Vendor | string | Vendor used to calculate the score |
| DBotScore.Score | number | The actual score |

Remove from Whitelist

This command deletes a single Indicator from your organization's whitelist.

Format

trustar-remove-from-whitelist

Example

!trustar-remove-from-whitelist indicator=8.8.8.1 indicator_type=IP

Inputs

| Argument | Description | Required |
|---|---|---|
| indicator | The value of the indicator to remove. | Yes |
| indicator_type | The type of the indicator to remove. | Yes |

Outputs

None

