Overview: Reports

Updated 2 months ago by Elvis Hovor

A TruSTAR Report is a body of structured and/or unstructured data that is uploaded to TruSTAR, where it is stored in a specific enclave and any indicators in the report are extracted and enriched with information from internal and external intelligence sources.

Viewing Reports

The Reports panel is where you work with reports in the TruSTAR Web App. You access the reports panel by clicking the Reports icon in the Navigation Bar.

The Reports panel has two views, each with a separate purpose:

  • List View: Displays a list of reports that match the current filters you have set. This is the default view for reports. You can always return to the list by clicking on the Reports icon in the Navigation Bar.
  • Graph View: Provides a detailed look at a selected report. To see a report in Graph view, click on the highlighted title of the Indicator in List View.

Submitting Reports

There are four ways to get started with adding data to your enclaves:

  • Enclave Inbox: Forward suspicious emails or Trust Group OSINT data into TruSTAR to get added enrichment.
  • Google Chrome Extension: Query or submit suspicious IOCs to TruSTAR.
  • Slack App: Instantly query intelligence sources and submit data to TruSTAR to enrich investigations taking place in Slack conversations.
  • Manual Ingest :Submit any file formal directly in TruSTAR Station.
Submissions are limited to a maximum of 2,000 IOCs per report and a maximum file size of 2MB.

Managing Reports

The following topics explain how to work with reports in the TruSTAR Web App:


Q: Where did categories go?

A: Categories, also known as public tags, were removed from the platform and replaced with the more embodying tags that are at the enclave level instead.

How Did We Do?