Observables Supported by TruSTAR

Updated 3 days ago by Elvis Hovor

The TruSTAR platform supports the identification of the following observables:

  • IPV4
  • IPV6
  • CIDR BLOCK
  • URL (Domains are currently categorized as URLs)
  • MD5
  • SHA1
  • SHA256
  • BITCOIN ADDRESSES
  • SOFTWARE (file names are currently treated as Software)
  • EMAIL ADDRESS
  • REGISTRY KEY
  • CVE (based on NIST's CVE standard)
  • MALWARE
  • THREAT ACTOR
  • PHONE NUMBERS

Please note that Phone Numbers are not extracted by default and will need to be enabled by your Account Owner on a per-Enclave basis.

TruSTAR can automatically extract strings that conform to the observable types listed here and then correlate them with existing data.

