Uploading Observables FAQ

Updated 1 year ago by TruSTAR

Q. How do I add MITRE ATT&CK tags when bulk uploading Indicators?

A. To apply MITRE ATT&CK tags, add them under a Tag column in your CSV and use the following format: mitre/

An example would be mitre/initial-access

Q. Will tags in a bulk upload correlate to the tags in my reports?

A. Currently, these tags are treated as separate entities and therefore will not correlate with each other.

Q. Why am I not seeing correlations from sources that I subscribe to?

A. The bulk uploading process for Indicators does not query any intelligence sources. You will only see correlations between the Indicators that you have uploaded and the intelligence sources available in the TruSTAR platform at the time of the bulk upload.

Q. Is there an API endpoint for Indicator management?

A. Yes. You can read more here: TruSTAR API Indicators

Q. Can I pull Indicators into my detection tool using your integration?

A. Many of our integrations do support this functionality. Please check the Support documentation for your integration for more information.
