TruSTAR App for Phantom Cyber Install
This document explains how to install and configure the provides a description TruSTAR App for Phantom Cyber. This App allows users to setup Phantom orchestration playbooks to utilize context of TruSTAR’s IOCs and reports.
- Phantom platform - see here for more details.
Installing the App
The certified TruSTAR app is available for direct download through the Phantom app store. TruSTAR recommends this process rather than manually installing it.
If you cannot download the app from the Phantom app store, you can manually install it using directions in the TruSTAR App for Phantom FAQ.
Configuring the App
- Enter the required information in the Asset Info tab.
- Click the Asset Settings tab and enter the following information:
- URL - https://api.trustar.co
- OAuth client ID - This is the API Credential available here: https://station.trustar.co/settings/api
- OAuth client secret key - This is the API Secret available here: https://station.trustar.co/settings/api
- Enclave IDs: place all the enclave id’s that you would like to either submit reports to issue hunt actions to. These are available here: https://station.trustar.co/settings/api
- Click the TEST CONNECTIVITY button. If the test fails, recheck your credentials. If the test still fails, contact email@example.com for assistance.
- Click the SAVE button to save configuration details.
- Click the Ingest Settings tab.
- Change any settings, as required for your environment.
- Click SAVE to save any changes you made.