Search using Indicators

Updated 6 days ago by Elvis Hovor

Description

In the TruSTAR App for Demisto, this command returns a list of all Intel Reports that contain any of the listed Indicators.

Format

trustar-correlated-reports

Example

!trustar-correlated-reports indicators=wannacry

Inputs

| Argument | Description | Required |
|---|---|---|
| indicators | Comma-separated Indicators. These can be any of the Indicators supported by TruSTAR. | Yes |
| distribution_type | Distribution type of the report. Legal values are COMMUNITY or ENCLAVE (the default). | No |
| enclave_ids | Comma-separated list of Enclave IDs to search. Even if distributionType is COMMUNITY, these enclaves will still be searched as well. If no argument is specified, the default is to search all enclaves which you have Read access to in TruSTAR. | No |
| limit | Limit of results to return. Max value possible is 1000. Default value is 25. | No |

Outputs

The list of TruSTAR Intel Reports matching the specified arguments.

