Install: TruSTAR for Phantom Cyber

Updated 2 months ago by Elvis Hovor

This document explains how to install the TruSTAR Workflow App for Phantom Cyber. You can use this App to setup Phantom orchestration playbooks that utilize the context of TruSTAR’s Intel Reports and Indicators.

Requirements

Installing the App

The certified TruSTAR Workflow App is available for direct download through the Phantom app store. TruSTAR recommends this process rather than manually installing it.

If you cannot download the app from the Phantom app store, you can manually install it using directions in the TruSTAR for Phantom FAQ.

Configuring the App

  1. Enter the required information in the Asset Info tab.
  2. Click the Asset Settings tab and enter the following information:
  • URL: https://api.trustar.co
  • OAuth client ID and secret key- Your TruSTAR API credentials (Finding your API Keys)
  • Enclave IDs: All the enclave IDs that you would like to either submit reports to or search through when using the Workflow App (Finding Enclave IDs)
  1. Click the TEST CONNECTIVITY button. If the test fails, recheck your credentials. If the test still fails, contact support@trustar.co for assistance.
  2. Click the SAVE button to save configuration details.
  3. Click the Ingest Settings tab.
  4. Change any settings, as required for your environment.
  5. Click SAVE to save any changes you made.


How Did We Do?