TruSTAR Platform Overview
1. Introducing TruSTAR
2. Product Architecture
3. Data Management
4. Data Processing
4.1 Data Processing: Collect
4.2 Data Processing: Prepare
4.3 Data Processing: Prioritize
4.4 Data Processing: Connect
5. Capabilities
5.1 Capabilities: Governance
5.2 Capabilities: Intelligence Workflows
5.3 Capabilities: Search
5.4 Capabilities: Scoring
5.5 Capabilities: Analytics
6. Interfaces
6.1 Interfaces: REST API
6.2 Interfaces: Integrations
6.3 Interfaces: Web App
7. Use Cases
7.1 Use Cases: Detect
7.2 Use Cases: Triage
7.3 Use Cases: Investigate
7.4 Use Cases: Disseminate
TruSTAR Ontology
Workflow Apps
Case Management
Orchestration
Demisto
User Guide: TruSTAR for Demisto
Creating a Demisto Playbook
Indicator Retrieval in Demisto
Indicator Searches in Demisto
Listing TruSTAR Enclaves in Demisto
Phishing Triage Commands for Demisto
Report Commands in Demisto
Report Searches in Demisto
Whitelisting with Demisto
FAQ: TruSTAR for Demisto
Install: TruSTAR for Demisto
Overview: Demisto
Phantom Cyber
Detection
Splunk ES
Splunk Helpers
FAQ: TruSTAR for Splunk ES
Install: TruSTAR App for Enterprise Security
User Guide: TruSTAR for Splunk ES
Splunk
IBM QRadar
Overview: Detection Workflow Apps
TAXII Applications
Anomali ThreatStream
LogRhythm
Palo Alto MineMeld
TAXII Client Basics
TAXII FAQ
TruSTAR TAXII Server
Other
TruSTAR API
Partner Resources
Integration Commands
Indicator Commands
Enrich Indicators in TruSTAR
Filter Indicators from TruSTAR
Get Phishing Indicators
Ingest Indicators from TruSTAR
Submit Indicators to TruSTAR
Whitelist Indicators
Report Commands
Triage Phishing Submissions
Case Management Integrations
Detection Integrations
Overview: Partner Resources
SOAR Integrations
TruSTAR Configuration Requirements
Python SDK
REST API
TruSTAR Web App
UI Walkthrough
Dashboard
Enclaves
Filter and Refine Panel
Indicators
MITRE ATT&CK Framework
Main Screen
Marketplace
Navigation Bar
Reports
Searching
TruSTAR Community Chat
Using Notes
Web App Walkthrough
Reports
Copying a Report
Emailing a Report
Exporting Report Data
Moving a Report
Overview: Reports
Redacting Data from a Report
Reports Graph View
Reports List View
Reports Panel
Submitting a Report
Tagging a Report
Updating a Report
Indicators
Deleting Indicators
Exporting Indicators
IOC List View
Observable Graph View
Overview: Indicators
Tagging Indicators
Threat Actors
Uploading Indicators
Whitelisting Indicators
Phishing Triage
Overview: Phishing Triage
Phishing Triage API
Phishing Triage Python SDK
Phishing Workflow in the TruSTAR Web App
Using Phishing Triage with Detection Tools
Using Phishing Triage with Orchestration Tools
Using Phishing Triage with a TAXII Client
User Settings
Admin Features
Single Sign-On (SSO)
Enclave Inbox
Managing Users
Managing the Company Whitelist
Managing the Redaction Library
Setting Up Multi-Factor Authentication (MFA)
Setting up a Service Account
Overview: TruSTAR Web App
Intelligence Sources
Digital Risk/ATO
Endpoint
Cisco AMP Threat Grid
Cisco AMP Threat Grid Indicator Query
CrowdStrike Falcon Detect
CrowdStrike Falcon Intelligence
CrowdStrike Falcon Reports
Threat Intelligence
Dragos WorldView
FireEye iSight
IBM X-Force
IBM X-Force IRIS
Intel 471 Adversary Intelligence
Intel 471 Alerts
Intel 471 Malware Intelligence
Recorded Future Hash Intelligence
Recorded Future IP Intelligence
Recorded Future URL Intelligence
Recorded Future Vulnerability Intelligence
VirusTotal
urlscan
Trusted Community
Other
AWS GuardDuty
AlienVault OTX Pulse
Cybersource
Facebook Threat Exchange
Farsight Security
Hybrid Analysis
Joe Sandbox
TAXII Client
Threat Intelligence Platform
Technical Info
Intel Feeds Source URLs
OSINT Sources Tech Specs
Premium Intel Sources Tech Specs
RSS Open Sources Tech Specs
COVID-19 OSINT Community Enclave
How Intelligence Sources are Updated
Overview: Intelligence Sources
Scripted Extensions
Enclave Scripts
Automated Sharing Between Enclaves
Script: Correlations Between Enclaves
Script: Deleting Reports
Script: Domain-level URL Filtering
Script: Exporting Indicators
Script: Moving Data Between Enclaves
Scripts: Uploading Data
Managed Connectors
ArcSight: Upload Events to TruSTAR
Azure Sentinel: Import Indicators from TruSTAR
CrowdStrike Falcon: Import Indicators from TruSTAR
Cybereason: Import Indicators from TruSTAR
MISP: Import Reports or Indicators from TruSTAR
Overview: Managed Connectors
Proofpoint: URL Decoder
SecureWorks: Send Indicators to TruSTAR
Splunk Enterprise: Import Indicators from TruSTAR
Splunk Phantom: Enrich Notable Events
Report Correlation Email
Vetting and Tagging Indicators
Technology
FAQs
TruSTAR Policies
Applications Integrations FAQ
Clearing browser cookies and caches
Contacting TruSTAR Support
Entity Extraction FAQ
Finding Enclave IDs
Finding Report IDs
Finding Your API Keys
Indicators Supported by TruSTAR
Intelligence Sources FAQ
Login FAQ
Request to Archive Premium Intel Source
Security FAQ
Uploading Indicators FAQ
What is the TruSTAR Community?