I want to put my own data into a private enclave on TruSTAR. How do I do that?
- We’d love to talk more with you about enclave options. Send us your info at www.trustar.co/demo and our team will reach out.
What is an exchange enclave? What is a private enclave?
- Think about an enclave like a data repository. A private enclave stores your own data, whereas an exchange enclave is a place you share data with other like-minded members of a sharing group (like CSA or FS-ISAC). You can also pull feeds into TruSTAR, which are data streams you can turn on or off to enrich your analysis.
Where can I find your Rest API and Python SDK?
- TruSTAR provides a robust Python REST API that can be used for automation and integration.
Source files and installation instructions can be found here: https://docs.trustar.co/
- Community data is reporting that anyone on TruSTAR can access. To release a report to the community, when you create the report, hit the “Release Report to Community” button. You can also redact any proprietary information or PII before sharing.
How do we activate our credentials?
Can I set up multiple admins for my company?
- Yes, you are able to set-up multiple admins for your company. The company admin will have the access to change any member of that company’s role and permissions.
How much data can I upload to the enclave and is there any upload limitations?
- There are no limitations on data in the Enclave. We do have limitations on 500 IOCs per event/report submitted through an internal/external feed. We have a separate API Endpoint for IOC Management where you can upload/tag/categorize 10,000 IOCs at a time if required.
How do I reset my credentials?
- If you’re trying to access TruSTAR for the first time, our emailed credentials expire after 72 hours for security reasons. If that time period has passed and you missed it, no problem-- just reach out to us at firstname.lastname@example.org and we’ll reset them for you.
How do I reset my password?
- Once you’ve logged into TruSTAR once, you will be able to reset your password at any time. Just go to https://station.trustar.co and click on “Forgot your password”.
What is TruSTAR’s Security Policy?
- TruSTAR is SOC II compliant and authenticates through multi-factor authentication. We encrypt all communications through transit and at rest through SSL/TLS and VPN/SSH. Data at rest is encrypted using AES-256, and we operate through a dedicated single-tenant cloud provider hosted on AWS.
Is TruSTAR STIX-compliant?
- Yes, TruSTAR is designed to work with STIX-formatted incident reports. We also ingest JSON, XML, CSV, email listservs, and other data formats for customers. Reach out to us at email@example.com if you have questions or feedback around data rendering.
What TruSTAR IP addresses do I need to whitelist in my proxy & firewall rules?
- As a provider of a cloud-based service, and do not have traditional servers, the answer to “what IP(s) do we serve from” is not very simple.The hostname “station.trustar.co” can point to either “station-live.trustar.co” or “station-down.trustar.co”. This is based on whether a Route53 health check reaches something returning an HTTP 200 code for station-live.trustar.co.The hostname "station-live.trustar.co” points to an Application Load Balancer, which dynamically associates IP addresses based on traffic load. This means the IP addresses are subject to change, automatically, as needed by the ALB. We recommend our users to use hostname based whitelisting for accessing our services. At any point in time, the correct IPs for “station.trustar.co” can be listed with a DNS lookup for the hostname.
- Users can double-check / verify that these addresses have not changed by, at a linux / Mac OS X terminal, typing the command "host station.trustar.co" or "host api.trustar.co". These commands will show you all IP addresses that TruSTAR's URLs can resolve to.
What encryption versions does TruSTAR support?
- The TruSTAR production environment's AWS ELB uses security policy "ELBSecurityPolicy-TLS-1-1-2017-01", which supports TLS 1.1 or greater. TruSTAR will not accept requests to connect using either TLS 1.0 or SSL. Users' proxies must be equipped to use TLS 1.1 or greater.
What authentication methods does your product support for connecting to Feeds?
- TruSTAR is SOC II Compliant. Some example of security parameters include Internet-facing Web Services Use Strong TLS, Encrypted Admin Connections, Encrypted Remote Services, HTTPS everywhere, Encrypted Office Wifi. All of our feeds are based off of HTTPS based authentication framework with different types of authentication schemes. (e,g. Basic Authentication, OAuth 2.0, Digest and others). This also includes TAXII feeds likes DHS AIS and FS-ISAC.
- Data is encrypted in transit and at-rest using industry best practices. We use HTTPS to access w/ SSL is everywhere. TruSTAR is SOC II compliant.