Filter Indicators from TruSTAR
Use these API commands to search TruSTAR Enclaves for Indicators using filter conditions, such as Indicator type, Enclave, or tags, and then return that information.
Get Indicator Metadata
POST /1.3/indicators/metadata
Description: Provides metadata associated with an indicator, including type, value, priority level, count, sightings, first seen, last seen, Enclave IDs, and tags.
Get Indicator Summaries
POST /1.3/indicators/summaries
Description: Provides structured summaries about indicators, which are derived from intelligence sources on the TruSTAR Marketplace that the user has access to.
Notes
The integration must include a configuration page where the user can define the following:
- Indicator types to ingest (see TruSTAR's list of supported types)
- Filter criteria:
  - Indicator Type
  - Source or Enclave ID
  - Age
  - Score
  - Tag
  - Sightings
- Time parameter for how long to keep an Indicator in the external tool
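
The configuration requirements above, sketched as an added example (not TruSTAR's or any integration's own code): the filter criteria are applied to indicator metadata records, and each accepted indicator is given a removal time from the retention setting. All field and class names, the numeric score, measuring age from last seen, and the sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

@dataclass
class IngestConfig:
    # Hypothetical model of the configuration page; all names are assumptions.
    indicator_types: set                            # Indicator types to ingest
    enclave_ids: set = field(default_factory=set)   # empty set = any Enclave
    tags: set = field(default_factory=set)          # empty set = any tag
    max_age_days: int = 90                          # Age, measured from last_seen
    min_score: int = 0                              # Score (assumed numeric)
    min_sightings: int = 1                          # Sightings
    retention_days: int = 30                        # time to keep in the external tool

    def validate(self):
        # Reject settings that would ingest nothing or never expire anything.
        if not self.indicator_types:
            raise ValueError("select at least one indicator type")
        if self.max_age_days <= 0 or self.retention_days <= 0:
            raise ValueError("age and retention must be positive day counts")

def accepts(cfg, ind, now):
    """Return True when one metadata record passes every configured filter."""
    return (
        ind["type"] in cfg.indicator_types
        and (not cfg.enclave_ids or not cfg.enclave_ids.isdisjoint(ind["enclave_ids"]))
        and (not cfg.tags or not cfg.tags.isdisjoint(ind["tags"]))
        and now - ind["last_seen"] <= timedelta(days=cfg.max_age_days)
        and ind["score"] >= cfg.min_score
        and ind["sightings"] >= cfg.min_sightings
    )

def select(cfg, indicators, now):
    """Filter records and attach the time each must be removed downstream."""
    cfg.validate()
    expiry = now + timedelta(days=cfg.retention_days)
    return [(i["value"], expiry) for i in indicators if accepts(cfg, i, now)]

NOW = datetime(2024, 1, 31, tzinfo=timezone.utc)  # fixed clock for the sample
SAMPLE = [  # constructed records, not real TruSTAR output
    {"type": "IP", "value": "203.0.113.7", "enclave_ids": ["enclave-a"], "tags": ["phishing"],
     "last_seen": NOW - timedelta(days=3), "score": 3, "sightings": 4},
    {"type": "IP", "value": "198.51.100.9", "enclave_ids": ["enclave-a"], "tags": ["phishing"],
     "last_seen": NOW - timedelta(days=200), "score": 3, "sightings": 9},  # too old
    {"type": "URL", "value": "http://example.test/x", "enclave_ids": ["enclave-b"], "tags": [],
     "last_seen": NOW - timedelta(days=1), "score": 1, "sightings": 1},    # wrong type
]
CONFIG = IngestConfig(indicator_types={"IP"}, enclave_ids={"enclave-a"}, tags={"phishing"},
                      max_age_days=30, min_score=2, min_sightings=2, retention_days=14)

if __name__ == "__main__":
    for value, expiry in select(CONFIG, SAMPLE, NOW):
        print(value, "remove after", expiry.isoformat())
```

Storing the removal time with each indicator lets the external tool drop stale entries on schedule instead of keeping them indefinitely.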