Data Sources & Integrations

Updated 2 months ago by Sachit Soni

Data Sources & Integrations

  • Where can I find a list of OSINT feeds?
    • You can find open and closed sources in the Marketplace on the platform.
  • API key for STIX/TAXII?
    • The API key is generated in Settings -> API in the platform. Our STIX TAXII setup guide is on the TruSTAR Support site:
  • How many lookups do we get from VirusTotal in our membership?
    • You can enter your credentials for VT in TruSTAR Marketplace, and they will count against your allotment.
  • Any limitation/throttling from API calls? Do these limitations apply to entire IT-ISAC Enclave or individual members?
    • API calls are limited to 1000 calls per day, per company.
  • Can we set-up a malware analysis sandbox for submitted files?
    • TruSTAR does not have a sandbox environment, but we can pull in reports from any sandbox tool you have into a private enclave.
  • With the on-boarding of TruSTAR, if we wanted to replicate data from our instances to a local MISP, would there be an added cost of doing so in volume/quantity of data?
    • We do not charge extra if users want to replicate our data based on volume/quantity.
  • It appears MISP is a current option for source (MISP to TruSTAR), but does not appear to be an option for TruSTAR to MISP, is that correct?
    • We don't support a native integration to send data from TruSTAR to MISP/ELK. Users can use our Python SDK to build a script to take data from TruSTAR and send it to MISP/ELK. 
  • Is ELK on the roadmap for integrations?
    • No, not currently. Users are able to use our SDK to write a script to enrich ELK data.
  • Is TheHIve on the roadmap for integrations?
    • No, not currently. This can be explored upon further request.

    How Did We Do?