Cybereason: Import Indicators from TruSTAR

Updated 5 months ago by TruSTAR

This script exports Indicators from specified TruSTAR Enclaves and imports them into the Cybereason environment. This can aid in detecting malicious indicators within Cybereason.

Activating This Script

Contact your TruSTAR account manager and provide the following information:

  • Source Enclave ID(s)
  • Cybereason server name and port number
  • Frequency of script execution. The default is every 24 hours but you can request a different time interval to meet your organization's needs.

Your account manager will configure the script and then email you with confirmation that it has been enabled.

How It Works

  1. Searches the specified TruSTAR Enclave(s) for Indicators that have been added since the script was last run.
  2. Writes those Indicators into JSON format that matches Cybereason's API parameters.
  3. Exports the Indicators in JSON format to Cybereason. Each Indicator is added to the blacklist reputation and set to prevent.

Any issues or questions about this script, contact

How Did We Do?