Use this API command to retrieve Indicators from your Phishing Triage Enclave(s), based on filters you specify.

You must have the Phishing Triage feature activated in TruSTAR to use this command.

POST /1.3/triage/indicators

Description: Returns a list of indicators found in phishing submissions that fit the given criteria. If the user does not specify any filters, this command returns the most recent 1000 indicators in the specified Phishing Triage enclaves.


The integration must include a configuration page where the user can define the following:

  • Activate the Phishing Triage functionality. This should include a way to specify Phishing Enclave IDs (both submission and vetted enclaves). TruSTAR recommends naming the fields Activate Phishing Triage and Phishing Triage Enclave IDs.
  • Filter criteria, including normalized scores.
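
One way an integration could turn the configuration fields above into a request for this endpoint, validating the values before anything is sent. This is an added example, not TruSTAR's own code. The config key names, the body field names `enclaveIds` and `normalizedIndicatorScore`, the UUID format for enclave IDs and the 0 to 3 score range are all assumptions; check them against the API reference.

```python
import json
import uuid

TRIAGE_INDICATORS_PATH = "/1.3/triage/indicators"  # endpoint named on this page
ALLOWED_SCORES = {0, 1, 2, 3}  # assumption: normalized scores run from 0 to 3

# Constructed sample configuration; the enclave IDs are placeholders.
SAMPLE_CONFIG = {
    "activate_phishing_triage": True,
    "phishing_triage_enclave_ids": "11111111-1111-4111-8111-111111111111, "
                                   "22222222-2222-4222-8222-222222222222",
    "normalized_scores": [3, 2],
}


def parse_enclave_ids(raw):
    """Split the 'Phishing Triage Enclave IDs' field and reject malformed IDs."""
    ids = []
    for item in raw.replace("\n", ",").split(","):
        item = item.strip()
        if not item:
            continue
        try:
            canonical = str(uuid.UUID(item))  # assumption: enclave IDs are UUIDs
        except ValueError:
            raise ValueError(f"not a valid enclave ID: {item!r}")
        if canonical not in ids:  # drop duplicates, keep the order entered
            ids.append(canonical)
    return ids


def build_triage_request(config):
    """Return (method, path, json_body), or None when Phishing Triage is off."""
    if not config.get("activate_phishing_triage"):
        return None  # feature not activated: never call the endpoint
    enclave_ids = parse_enclave_ids(config.get("phishing_triage_enclave_ids", ""))
    if not enclave_ids:
        raise ValueError("Phishing Triage is active but no enclave IDs are set")
    body = {"enclaveIds": enclave_ids}  # assumed field name
    scores = config.get("normalized_scores")
    if scores:  # with no filter, the page says the most recent 1000 are returned
        bad = sorted(set(scores) - ALLOWED_SCORES)
        if bad:
            raise ValueError(f"normalized scores out of range: {bad}")
        body["normalizedIndicatorScore"] = sorted(set(scores))  # assumed field name
    return "POST", TRIAGE_INDICATORS_PATH, json.dumps(body)
```

Rejecting a malformed enclave ID or an out-of-range score at configuration time keeps a typo from silently widening or emptying the result set.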

