Scripts for Enclave Data Import/Export

Updated 1 month ago by Sachit Soni

TruSTAR’s team has developed a library of scripts that let users import and export data from the enclaves they have access to.

If you would like access to a script or have questions about any of our available scripts, please reach out to support@trustar.co

Export Indicators from an enclave into CSV

Description:

Allows users to export all indicators from a period of time and specified set of enclaves into a CSV file.

Example Use Case:

A client wants to export all indicators and metadata from their CrowdStrike Intel enclave between a date range into a CSV file to upload into their SIEM.

Find correlations between reports in 2 or more enclaves

Description:

Allows users to see correlations between reports in 2 enclaves and export the results into a CSV for review.

Example Use Case:

A client wants to see reports where correlations exist between indicators in 2 different enclaves. An example would be: “show me reports that contain a correlation between CrowdStrike Intel and my company’s enclave.” Once you define the parameter, a CSV file is populated with links to the reports that contain the correlations you have specified.

Import data from 3rd-party server to an enclave

Description:

Allows users to connect any source of data to an enclave and import indicators or reports into that enclave.

Example Use Case:

A client wants to import data from an ISAC or an intelligence feed (Server / STIX TAXII) into a private enclave. An example would be: “take all indicators or reports between these dates from the server of my intel feed and import them into my enclave.”

Delete reports from an enclave

Description:

Allows you to delete reports with specific text in the report title or body. Users will also be able to delete all reports from an enclave.

Example Use Case:

A client wants all reports with “SIR” or “Zero” correlations deleted from their enclave.

Upload Structured Data in a CSV into an Enclave

Description:

Uploads each row of a CSV as a TruSTAR report or indicator to the enclave you specify. Users are able to map the column headers to fields in the report or indicator.

Example Use Case:

A client has a CSV with rows of structured data and wants to upload the data into their private enclave in TruSTAR.

Move Reports between enclaves

Description:

Allows users to transfer indicators or reports from one enclave to another.

Example Use Case:

A client wants to move all indicators or reports that are tagged “phishing”, contain “SIR” in the title, etc. from an enclave to another private enclave.

