You can search and extract Threat Actors in TruSTAR.
- How does it work today?
Similar to other IOCs, threat actors are searchable via the web and API and extracted in the graph visualization as seen here:
- How to interpret the graph visualization?
On the graph visualization, users can see all reports associated with the Threat Actor, provided their subscribed feeds/subscriptions contain the group.
- Who maintains the list of Threat Actors?
TruSTAR maintains an extensive list from our Intel Architects along with other sources, such as MITRE.
- What's next for the Threat Actor feature?
We plan to add more functionality to Threat Actors, including:
- Users' ability to create a new threat actor profile and save it to their company's list of actor names, so that the actor name is extracted from all future uploaded reports and is available in the list of names they can use for associating with IOCs.
- Users' ability to manually associate IOCs with one or more threat actors, so that a search for IOCs or threat actors shows the relationships between them.
- An exportable, human-readable summary of threat actor details and recent activity context.