
TruSTAR has developed a library of scripts that let you submit data to, and export data from, the enclaves to which you have access.

Importing Data from a .csv File

Uploads each row of a CSV file as a TruSTAR report or indicator to the enclave you specify. You can map the CSV column headers to fields in the report or indicator.

Example Use Case

A client has a CSV with rows of structured data and wants to upload the data into their private enclave in TruSTAR.


Importing Data to an Enclave

Connects any source of data to an enclave and imports indicators or reports into that enclave.

Example Use Case

A client wants to submit data from an ISAC or an intelligence feed (for example, a STIX/TAXII server) into a private enclave. For example: take all indicators or reports between these dates from my intel feed's server and submit them into my enclave.

Exporting IOCs to a .csv File

Exports the IOCs from a specified time period and set of enclaves into a .csv file.

Example Use Case

A client wants to export all indicators and their metadata from their CrowdStrike Intel enclave within a date range into a CSV file, to upload into their SIEM.


Finding Correlations Between Enclaves

Searches for correlations between reports in two different enclaves and exports the results into a .csv file for further review.

Example Use Case

A client wants to see reports where correlations exist between indicators in two different enclaves. For example: show me reports that contain a correlation between CrowdStrike Intel and my company's enclave. Once you define the parameters, a CSV file is populated with links to the reports that contain the correlations you specified.

Moving Data Between Enclaves

Transfers indicators or reports from one enclave to another.

Example Use Case

A client wants to move all indicators or reports that are tagged “phishing”, contain “SIR” in the title, etc. from one enclave to another private enclave.

Deleting Reports

Removes reports whose title or body contains specific text. You can also delete all reports from an enclave.

Example Use Case

A client wants all reports with “SIR” or “Zero” correlations deleted from their enclave.

