Get Phishing Indicators

Updated 3 months ago by Sachit Soni

TruSTAR offers one API command to retrieve Indicators from the user's Phishing Triage Enclave(s), based on a set of filters set by the user.

The user must have the Phishing Triage feature activated in TruSTAR for this command to be executed.

Get Phishing Indicators

POST /1.3/triage/indicators

Description: Returns a list of indicators found in phishing submissions that fit the given criteria. If the user does not specify any filters, this command returns the most recent 1000 indicators in the specified Phishing Triage enclaves.


The integration must include a configuration page where the user can define the following:

  • Activate the Phishing Triage functionality. This should include a way to specify Phishing Enclave IDs (both submission and vetted enclaves). TruSTAR recommends naming the fields Activate Phishing Triage and Phishing Triage Enclave IDs.
  • Filter criteria, including normalized scores.
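
One way an integration could turn those configuration-page values into the request for POST /1.3/triage/indicators, shown as an added example rather than TruSTAR's own code. The setting keys, the body field names `enclaveIds` and `normalizedIndicatorScore`, and the UUID format of enclave IDs are assumptions to confirm against the API reference.

```python
import uuid

METHOD, PATH = "POST", "/1.3/triage/indicators"  # endpoint named on the page

# Assumed JSON body field names (not given on the page).
F_ENCLAVES = "enclaveIds"
F_SCORES = "normalizedIndicatorScore"


class ConfigError(ValueError):
    """Raised when the saved integration settings cannot produce a safe request."""


def build_triage_request(cfg):
    """Map configuration-page values to (method, path, body) for the API call."""
    if cfg.get("activate_phishing_triage") is not True:
        raise ConfigError("Phishing Triage is not activated")

    # Enclave IDs arrive as one comma-separated text field.
    raw_ids = (cfg.get("phishing_triage_enclave_ids") or "").split(",")
    enclaves = set()
    for item in filter(None, (p.strip() for p in raw_ids)):
        try:
            enclaves.add(str(uuid.UUID(item)))  # canonical lower-case form
        except ValueError:
            raise ConfigError(f"enclave ID is not a UUID: {item!r}") from None
    if not enclaves:
        raise ConfigError("at least one Phishing Triage enclave ID is required")

    body = {F_ENCLAVES: sorted(enclaves)}

    # No score filter: the API default applies (most recent 1000 indicators).
    scores = cfg.get("normalized_scores") or []
    if any(isinstance(s, bool) or not isinstance(s, int) for s in scores):
        raise ConfigError("normalized scores must be integers")
    if scores:
        body[F_SCORES] = sorted(set(scores))
    return METHOD, PATH, body


# Constructed sample settings; the enclave IDs are made-up values.
SAMPLE = {
    "activate_phishing_triage": True,
    "phishing_triage_enclave_ids": "11111111-1111-4111-8111-111111111111, "
                                   "22222222-2222-4222-8222-222222222222",
    "normalized_scores": [3, 2, 3],
}

if __name__ == "__main__":
    print(build_triage_request(SAMPLE))
```

Rejecting an inactive feature flag or a malformed enclave ID when the settings are saved keeps the integration from issuing a request scoped to enclaves the user did not intend.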
