5. Indicators

Updated 3 months ago by TruSTAR

Indicators provide context to help you determine if there is harmful activity on a network, such as a security breach or other suspicious incident.

Internal information, such as cases, reports, or emails, can contain data about an event on a network or device. These Events contain Observables, such as URLs, hashes, or email addresses. When you send an event to TruSTAR, the Intelligence Pipeline extracts the observables, normalizes them, and enriches them with the Intelligence Sources you have access to, thus transforming them into Indicators.

Related Link: Indicator types supported by TruSTAR
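
The extract, normalize, and enrich stages described above can be sketched as follows. This is an added illustration, not TruSTAR's code or API: the type names, regular expressions, event text, and the `SOURCE` lookup table are all constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Constructed event text (sample data, not from a real incident).
EVENT = (
    "Phishing case: mail from Billing@Example-Pay.test links to "
    "hxxp://login.example-pay[.]test/reset and HTTP://LOGIN.EXAMPLE-PAY.TEST/reset. "
    "Attachment MD5 D41D8CD98F00B204E9800998ECF8427E"
)

# Constructed stand-in for an intelligence source, keyed by (type, value).
SOURCE = {("URL", "http://login.example-pay.test/reset"): {"score": "HIGH"}}

# Type names and patterns are choices made for this example.
PATTERNS = {
    "URL": re.compile(r"\bhttps?://[^\s\"'<>]+", re.I),
    "EMAIL_ADDRESS": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "MD5": re.compile(r"\b[a-fA-F0-9]{32}\b"),
}


def refang(text):
    """Undo common defanging so obfuscated observables can be matched."""
    text = re.sub(r"\[\.\]|\(\.\)", ".", text)
    return re.sub(r"\bhxxp(s?)://", r"http\1://", text, flags=re.I)


def normalize(kind, value):
    """Map equivalent spellings of one observable to a single canonical form."""
    if kind == "URL":
        parts = urlsplit(value.rstrip(".,;)"))  # drop sentence punctuation
        return parts._replace(netloc=parts.netloc.lower()).geturl()
    return value.lower()  # emails and hashes: lowercase so variants collapse


def to_indicators(event_text, source):
    """Extract observables, normalize and deduplicate, then attach source context."""
    seen = {}
    for kind, pattern in PATTERNS.items():
        for match in pattern.findall(refang(event_text)):
            key = (kind, normalize(kind, match))
            seen.setdefault(key, {"type": kind, "value": key[1],
                                  "enrichment": source.get(key)})
    return list(seen.values())
```

The two spellings of the URL in the sample event collapse into one indicator, which is why normalization has to happen before the enrichment lookup.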

Indicators Panel

In the TruSTAR Web App, you use the Indicators Panel on the main window to view, filter, and manipulate Indicators.

Related Link: Overview: Indicators

