TruSTAR Platform Overview
1. Introducing TruSTAR
2. Product Architecture
3. Data Management
4. Data Processing
4.1 Data Processing: Collect
4.2 Data Processing: Prepare
4.3 Data Processing: Prioritize
4.4 Data Processing: Connect
5. Capabilities
5.1 Capabilities: Governance
5.2 Capabilities: Intel Workflows
5.3 Capabilities: Search
5.4 Capabilities: Scoring
5.5 Capabilities: Analytics
6. Interfaces
6.1 Interfaces: REST API
6.2 Interfaces: Integrations
6.3 Interfaces: Web App
7. Use Cases
7.1 Use Cases: Detect
7.2 Use Cases: Triage
7.3 Use Cases: Investigate
7.4 Use Cases: Disseminate
TruSTAR Ontology
Developer Portal
Building a Custom Integratiom
TruSTAR REST API v1.3
Case Management Integrations with REST API v1.3
Detection Integrations with REST API v1.3
SOAR Integrations with REST API v1.3
Overview: Partner Resources
Requirements for Integrations
Integrating Intelligence Sources with TruSTAR
Python SDK
REST API v1.3
REST API v2.0
Intelligence Sources
Digital Risk/ATO
Endpoint
Cisco AMP Threat Grid Indicator Query
Crowdstrike Falcon Detection
Crowdstrike Falcon Intelligence
Crowdstrike Falcon Reports
Threat Intelligence
AbuseIPDB
Alienvault OTX
Alienvault OTX Pulse
Bambenek C2 Domain Feed
Bambenek C2 IP Feed
Bambenek DGA Feed
Dragos WorldView
Facebook Threat Exchange
Farsight Security
Flashpoint
Hybrid Analysis
IBM X-Force
IBM X-Force Threat Intelligence
Intel 471 Adversary Intelligence
Intel 471 Alerts
Intel 471 Malware Intelligence
Mandiant iSight
NetLab 360 DGA Feeds
Recorded Future Hash Intelligence
Recorded Future IP Intelligence
Recorded Future URL Intelligence
Recorded Future Vulnerability Intelligence
Shodan
Symantec Threat Intelligence
VirusTotal
urlscan
Trusted Community
Other
Malware Sandboxes
How Intelligence Sources are Updated
Intelligence Sources FAQ
Open Source Intelligence Tech Specs
Overview: Intelligence Sources
Workflow Apps
Case Management
Detection
Splunk Enterprise and ES
FAQ: TruSTAR Unified App for Splunk Enterprise & Enterprise Security
Install: TruSTAR Unified App for Splunk Enterprise & Enterprise Security
User Guide: TruSTAR Unified App for Splunk Enterprise & Enterprise Security
IBM QRadar
Overview: Detection Workflow Apps
Orchestration
Demisto
User Guide: TruSTAR for Demisto
Creating a Demisto Playbook
Indicator Retrieval in Demisto
Indicator Searches in Demisto
Listing TruSTAR Enclaves in Demisto
Phishing Triage Commands for Demisto
Report Commands in Demisto
Report Searches in Demisto
User Guide: TruSTAR for Demisto
Whitelisting with Demisto
FAQ: TruSTAR for Demisto
Install: TruSTAR for Demisto
Overview: Demisto
TAXII Applications
Anomali ThreatStream
LogRhythm
Palo Alto MineMeld
TAXII Client Basics
TAXII FAQ
TruSTAR TAXII Server
Threat Intelligence Platform
Other
Workflow Apps FAQ
Scripted Extensions
Enclave Scripts
Automated Sharing Between Enclaves
Script: Correlations Between Enclaves
Script: Deleting Reports
Script: Domain-level URL Filtering
Script: Exporting Indicators
Script: Moving Data Between Enclaves
Scripts: Uploading Data
Managed Connectors
ArcSight: Upload Events to TruSTAR
Azure Sentinel: Import Indicators from TruSTAR
Crowdstrike Falcon: Import Indicators from TruSTAR
Cybereason: Import Indicators from TruSTAR
MISP: Import Reports or Indicators from TruSTAR
Overview: Managed Connectors
Proofpoint: URL Decoder
SecureWorks: Send Indicators to TruSTAR
Splunk Enterprise: Import Indicators from TruSTAR
Splunk Phantom: Enrich Notable Events
Windows Defender: Import Indicators from TruSTAR
Report Correlation Email
Vetting and Tagging Indicators
TruSTAR Web App
UI Walkthrough
1. Start Here
2. Main Window
3. Filter and Refine Panel
4. Intelligence Reports
5. Indicators
6. Marketplace
7. TruSTAR Community Chat
8. User Settings
Reports
Copying a Report
Deleting a Report
Emailing a Report
Exporting Report Data
Moving a Report
Overview: Intelligence Reports
Redacting Data from a Report
Reports Graph View
Reports List View
Reports Panel
Submitting a Report
Tagging a Report
Updating a Report
Indicators
Deleting Indicators
Exporting Indicators
IOC List View
Observable Graph View
Overview: Indicators
Tagging Indicators
Threat Actors
Uploading Indicators
Whitelisting Indicators
Phishing Triage
Overview: Phishing Triage
Phishing Triage API
Phishing Triage Python SDK
Phishing Workflow in the TruSTAR Web App
Using Phishing Triage with Detection Tools
Using Phishing Triage with Orchestration Tools
Using Phishing Triage with a TAXII Client
User Settings
Admin Features
Single Sign-On (SSO)
Enclave Inbox
Managing Users
Managing the Company Whitelist
Managing the Redaction Library
Setting Up Multi-Factor Authentication (MFA)
Setting up a Service Account
Indicator Prioritization Intel Workflow
Creating an Indicator Prioritization Intel Workflow
Deleting an Intel Workflow
Editing an Intel Workflow
FAQ: Intel Workflows
Overview: Indicator Prioritization Intel Workflow
Viewing a Data Set in Postman
Viewing an Intel Workflow
Working with Safelist Libraries
Other Features
Overview: TruSTAR Web App
Technology
FAQs
