What is a TruSTAR Report?

Updated 4 months ago by Shimon Modi

Introduction

A TruSTAR Report is a body of structured and/or unstructured data that is uploaded, from which IOCs (indicators) are recognized and extracted to be correlated with internal and external enrichment. Incident reports are generated by users in the TruSTAR Station. Technically, an incident report is a map-like data structure that contains both metadata about the report and the report contents.

You can view your reports in list view on the Reports page, where each report is previewed with Time Stamps, Report Title, Enclaves submitted, Tags, IOC Count, Notes, Correlations, and Content Preview (see Figure 1 below).

Figure 1

When you click on a report of interest, you will be taken to the Constellation screen with link analysis visualization. To reduce distraction, our link analysis visualizations now have their own panel with updated controls. You can drill down on analyses, filter out irrelevant nodes, add notes or tags, and adjust the timeline of correlations based on your requirements, all within a single panel. Users will be presented with the full JSON report content as well as a graph visualization of correlations (see Figure 2 below).


Figure 2

A report can be exported from the drop-down menu (see Figure 3 below).

  • Export Report: A report can be exported in various file types, including FireEye TAP, STIX, JSON, and TXT.
