Search for Related Indicators

Updated 1 week ago by Elvis Hovor

Description

In the TruSTAR App for Demisto, this command searches TruSTAR Enclaves for the specified Indicators and returns all correlated Indicators from search results. Two Indicators are considered correlated if they can be found in the same Intel Report.

Format

trustar-related-indicators

Example

 !trustar-related-indicators indicators=wannacry

Inputs

| Argument | Description | Required |
| indicators | Comma-separated indicator values (see Supported Indicators). | Yes |
| enclave_ids | Comma-separated list of Enclave IDs. Only Indicators found in Intel Reports from these Enclaves are returned. If no argument is specified, all Enclaves you have Read access to in TruSTAR are searched. | No |
| limit | Maximum number of results to return. The highest value allowed is 1000. If no argument is specified, the default is 25. | No |

Outputs

| Path | Type | Description |
| TruSTAR.Indicators.indicatorType | string | Indicator type |
| TruSTAR.Indicators.value | string | Indicator value |
| File.Name | string | The full file name (including file extension). |
| File.MD5 | string | The MD5 hash of the file. |
| <indicator> | string | One path per supported indicator type (see Supported Indicators). |
| DBotScore.Indicator | string | The indicator that was tested |
| DBotScore.Type | string | The type of the indicator |
| DBotScore.Vendor | string | The vendor used to calculate the score |
| DBotScore.Score | number | The actual score |
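As an added example that is not part of this page or of the TruSTAR app itself, the following Python helper (the names build_args and group_related, and the sample indicator types and values, are assumptions) builds the command's arguments from the documented inputs and groups the TruSTAR.Indicators output by type so a playbook can pivot on the correlated indicators:

```python
"""Helpers for a Demisto automation that pivots on trustar-related-indicators.

Constructed example (not the TruSTAR app's own code). It builds the command's
argument dict from the documented inputs and groups the TruSTAR.Indicators
context output by indicatorType. Sample types and values are made up.
"""
from collections import defaultdict

MAX_LIMIT = 1000    # documented maximum for the limit argument
DEFAULT_LIMIT = 25  # documented default when limit is omitted


def build_args(indicators, enclave_ids=None, limit=None):
    """Return the args for !trustar-related-indicators as comma-separated strings."""
    if not indicators:
        raise ValueError("indicators is required")
    args = {"indicators": ",".join(i.strip() for i in indicators)}
    if enclave_ids:  # omitted -> all Enclaves the user has Read access to
        args["enclave_ids"] = ",".join(e.strip() for e in enclave_ids)
    limit = DEFAULT_LIMIT if limit is None else limit
    if not 1 <= limit <= MAX_LIMIT:
        raise ValueError(f"limit must be between 1 and {MAX_LIMIT}")
    args["limit"] = str(limit)
    return args


def group_related(context):
    """Group TruSTAR.Indicators entries by indicatorType, deduplicating values."""
    entries = context.get("TruSTAR", {}).get("Indicators", [])
    if isinstance(entries, dict):  # a single entry may come back unlisted
        entries = [entries]
    grouped = defaultdict(set)
    for entry in entries:
        grouped[entry["indicatorType"]].add(entry["value"])
    return {t: sorted(v) for t, v in grouped.items()}


# Constructed sample context shaped like the documented output paths.
SAMPLE_CONTEXT = {"TruSTAR": {"Indicators": [
    {"indicatorType": "MD5", "value": "0123456789abcdef0123456789abcdef"},
    {"indicatorType": "MALWARE", "value": "wannacry"},
    {"indicatorType": "MD5", "value": "0123456789abcdef0123456789abcdef"},
    {"indicatorType": "URL", "value": "http://example.invalid/payload"},
]}}

if __name__ == "__main__":
    print(build_args(["wannacry"], limit=100))  # in XSOAR: demisto.executeCommand(...)
    print(group_related(SAMPLE_CONTEXT))
```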
