Overview: Demisto

Updated 8 months ago by Elvis Hovor

The TruSTAR Workflow App for Demisto is designed for security analysts and SOC teams seeking to automate detection, triage, investigation, and dissemination of security events. It can help you normalize and fuse intelligence sources before they are sent to Demisto, significantly reducing playbook complexity. As a result, Demisto playbooks are easier to set up and more resilient.

Combining TruSTAR and Demisto means you can easily leverage data from Premium Intelligence and ISAC/ISAO sources as well as SIEM and Case Management tools for better context and enrichment for investigations.


  1. Simplified playbook commands
  • Ingest intelligence from a single API endpoint to reduce playbook redundancy.
  • Customize data ingest and dissemination settings across full dataset.
  • Granular control over data setting for more precise playbooks that are less likely to break.
  1. Prepared data
  • Automatically ingest, extract, enrich, normalize, prioritize, and take action on observables based on sources.
  • TruSTAR abstracts away the manual programming of data normalization and preparation, making it easier to automate actions off of highly-scored events or indicators.
  1. Streamlined automation
  • Map and normalize intelligence in TruSTAR before triggering playbooks.
  • Leverage Priority Scores and Normalized Indicator Scores to automate intelligence vetting.
  • Send fully enriched intelligence into Demisto via a single unified API endpoint for streamlined playbooks

Getting Started

How Did We Do?