Cybereason: Import Indicators from TruSTAR
This script exports Indicators from specified TruSTAR Enclaves and imports them into the Cybereason environment. This can aid in detecting malicious indicators within Cybereason.
Activating This Script
Contact your TruSTAR account manager and provide the following information:
- Source Enclave ID(s)
- Cybereason server name and port number
- Frequency of script execution. The default is every 24 hours but you can request a different time interval to meet your organization's needs.
After you have provided the information, your account manager will configure the feature and then email you with confirmation that the script has been enabled.
How It Works
- Searches the specified TruSTAR Enclave(s) for Indicators that have been added since the script was last run. The default is 24 hours but you can request a customized interval.
- Writes those Indicators into JSON format that matches Cybereason's API parameters.
- Exports the Indicators in JSON format to Cybereason. Each Indicator is added to the blacklist reputation and set to prevent.
Any issues or questions about this script, please contact firstname.lastname@example.org.