Search for Correlated Reports

Updated 1 week ago by Elvis Hovor

Description

This command returns a list of all Intel Reports that contain any of the specified Indicators.

Format

trustar-correlated-reports

Example

!trustar-correlated-reports indicators=WANNACRY,COVID-19

Input

| Argument | Description | Required |
|---|---|---|
| indicators | Comma-separated Indicators. These can be any of the Indicators supported by TruSTAR. | Yes |
| distribution_type | Distribution type of the report. Legal values are COMMUNITY or ENCLAVE (the default). | No |
| enclave-ids | Comma-separated list of Enclave IDs to search. Even if distributionType is COMMUNITY, these enclaves will still be searched as well. If no argument is specified, the default is to search all enclaves which you have Read access to in TruSTAR. | No |
| limit | Limit of results to return. Max value possible is 1000. Default value is 25. | No |

Output

The list of correlated Intel Reports.

