Advanced Search

Auto Whitelisting

Cases

Chat

Company Whitelist

Dashboard

Data Export

Enclave Email Inbox

How to Submit Reports on TruSTAR

IOC Management

MITRE ATT&CK

Managing Users

Marketplace

Navigate a Visualization

Navigating the Report Panel in the New UI

Navigation Panel

Notes

Notifications and Alerting

Reports Management

Search, Filter & Sort

Threat Actors

TruSTAR Enclaves

TruSTAR Reports

LogRhythm

Splunk ES User Guide

Splunk v1.0.9 FAQ

Splunk v1.0.9 Installation

IBM QRadar

Demisto

Phantom Cyber

JIRA Cloud

JIRA Server (Current Version)

JIRA Server (On-prem)

ServiceNow v1.1.0 FAQ

ServiceNow v1.1.0 Install

ServiceNow v1.1.0 User Guide

IBM Resilient

Chrome Extension (New Version)

Okta App

Slack

TAXII Server

Digital Shadows

RiskIQ PassiveTotal

RiskIQ Blacklist Intelligence

Shape Blackfish

SpyCloud

Cisco AMP Threat Grid

Cisco AMP Threat Grid Indicator Query

Crowdstrike Detect

Crowdstrike Falcon Intelligence

Crowdstrike Falcon Reports

FireEye iSight

Flashpoint

IBM X-Force

IBM XForce IRIS

Intel 471 Adversary Intelligence

Intel 471 Alerts

Intel 471 Malware Intelligence

Recorded Future Hash List

Recorded Future IP List

Recorded Future URL List

Recorded Future Vulnerability List

VirusTotal

A-ISAC

F-ISAC

NCFTA

AWS GuardDuty

Alienvault OTX Pulse

Cybersource

Facebook Threat Exchange

Farsight Security

Hybrid Analysis

Joe Sandbox

MISP

How To Read TruSTAR's Graph Visualization

Redaction Technology

Source Scoring Model

TruSTAR API

Admin changes on other accounts

Reset Credentials or Passwords

Setting Up Multi-Factor Authentication (MFA)

Setting up a 'Service Account'

API Usage Policy

What is TruSTAR's Privacy Policy?

Data Sources & Integrations

Intel Feeds FAQ

Intel Feeds Source URLs

Automating Email Forwarding to an Enclave Inbox

Changing the TruSTAR Station theme

Error on Login

FAQs

How do I clear my cookies and cache?

How do I send ArcSight cases to TruSTAR?

Observables Supported

Product Walkthrough

Proofpoint configuration

Scripts for Enclave Data Submit/Export

What is the TruSTAR Community?

Latest Release - v3.9.19

Product Release Notes

All Categories > FAQs > Accounts > Setting up a 'Service Account'

Setting up a 'Service Account'

Updated 1 week ago by Elvis Hovor

TruSTAR's integrations and user management allows users to set-up a service account to utilize when configuring with the TruSTAR API. This practice enables companies to have a dedicated account for affiliated API keys and tracking.

Tip: We recommend setting up a separate service account for each integration and/or script. This prevents integrations from competing with each other for the per-minute API limit.

Credentialing a Service Account

As a company admin, creating a dedicated user account is simple. Follow these steps:

Navigate to 'Settings'
Select the 'Users' tab
Select 'Add User'
Fill out the fields below:
1. Name
  1. For example:
    1. First name: Integration
    2. Last name: Splunk
2. Email address
  1. Must be accessible to get account configured
  2. Can't use an email address already credentialed on the platform
  3. For example: trustar_splunk@acme.com
3. Role
  1. We recommend the 'User' role for this purpose
4. Enclave permissions
  1. This varies depending on which integration the service account is being set-up for. See that integration's technical documentation to understand what level of permissions will be required when setting up the configuration.
    1. No Access
    2. View Only
      1. Can only see reports but can not create nor modify data for that enclave
    3. Submission Access
      1. Can submit to and see data in the enclave but cannot delete nor modify
    4. Full Access
      1. Ability to read, write, delete, modify anything present in the enclave
Once the account is set-up select 'Send Confirmation' in the user list

Example (Splunk Service Account)

A service account will will count against your company's user limit. To discuss increasing this limit please contact your account executive.

To read more on user management click here

Retrieve the API keys

Navigate to 'Settings'
On the left side panel select the API tab
After agreeing to the terms you will be able to generate the API Key and Secret.

Setting up a 'Service Account'

Credentialing a Service Account

Example (Splunk Service Account)

Retrieve the API keys

How Did We Do?

Related Articles LogRhythm SpyCloud IBM Resilient

Contact

Related Articles

LogRhythm

SpyCloud

IBM Resilient