Reports Basics

Updated 1 month ago by Elvis Hovor

A TruSTAR Report is a body of structured and/or unstructured data that is uploaded to TruSTAR, where it is stored in a specific enclave and any IOCs in the report are extracted and correlated with internal and external enrichment. 

Viewing Reports

The Reports panel is where you work with reports in the TruSTAR Web App. You access the reports panel by clicking the Reports icon in the Navigation Bar.

The Reports panel has two views, each with a separate purpose:

  • List View: Displays a list of reports that match the current filters you have set. This is the default view for reports. You can always return to the list by clicking on the Reports icon in the Navigation Bar.
  • Constellation View: Provides a detailed look at a selected report. To see a report in Constellation view, click on the highlighted title of the IOC in List View.

Submitting Reports

There are four ways to get started with adding data to your enclaves:

  • Enclave Inbox: Forward suspicious emails or Trust Group OSINT data into TruSTAR to get added enrichment.
  • Google Chrome Extension: Query or submit suspicious IOCs to TruSTAR.
  • Slack App: Instantly query intelligence sources and submit data to TruSTAR to enrich investigations taking place in Slack conversations.
  • Manual Ingest :Submit any file formal directly in TruSTAR Station.
Submissions are limited to a maximum of 2,000 IOCs per report and a maximum file size of 2MB.

Managing Reports

The following topics explain how to work with reports in the TruSTAR Web App:

FAQ

Q: Where did categories go?

A: Categories, also known as public tags, were removed from the platform and replaced with the more embodying tags that are at the enclave level instead.


How Did We Do?