Whitelisting with Demisto
The TruSTAR Workflow App for Demisto supports these actions for managing your organization's whitelist in TruSTAR:
- Add Indicators to Whitelist
- Get Whitelisted Indicators
- Remove Indicators from Whitelist
Add to Whitelist
This command adds a list of Indicators to the whitelist for your organization.
Format
trustar-add-to-whitelist
Example
!trustar-add-to-whitelist indicators=8.8.8.1
Inputs
Argument | Description | Required |
indicators | List of indicators to whitelist, i.e. evil.com,101.43.52.224 | Yes |
Outputs
None
Get Whitelisted Indicators
This command returns the list of Indicators on your organization's whitelist.
Format
trustar-get-whitelisted-indicators
Example
!trustar-get-whietlisted-indicators limit=250
Inputs
Argument | Description | Required |
limit | Limit of results to return. Max value possible is 1000. Default is 25. | Optional |
Outputs
Path | Type | Description |
TruSTAR.WhitelistedIndicators.indicatorType | string | File MD5 |
TruSTAR.WhitelistedIndicators.value | string | File SHA1 |
File.Name | string | The full file name |
<indicator> | string | |
DBotScore.Indicator | string | The indicator we tested |
DBotScore.Type | string | The type of the indicator |
DBotScore.Vendor | string | Vendor used to calculate the score |
DBotScore.Score | number | The actual score |
Remove from Whitelist
This command deletes a single Indicator from your oganization's whitelist.
Format
trustar-remove-from-whitelist
Example
!trustar-remove-from-whitelist indicator=8.8.8.1 indicator_type=IP
Inputs
Argument | Description | Required |
indicator | The value of the indicator to remove. | Yes |
indicator_type | The type of the indicator to remove. | Yes |
Outputs
None