Enclaves are secure data repositories used for storing, managing, and enriching sensitive events. A TruSTAR Enclave allows users to analyze and enrich investigations with trusted, relevant intelligence sources, including information shared by your partners and peers, while allowing you to maintain protective access controls.
You can use TruSTAR enclaves to
- Operationalize your external threat intel feeds: Using TruSTAR's enclave, you can quickly ingest external intelligence sources, including listservs, to enrich your cases. Enclaves enable you to see which intelligence sources are the most valuable to your cybersecurity investigations.
- Surface relevant intelligence within your organization: Organizations have complex access control policies that can hinder investigations. Enclaves allow you to segment duties among internal teams while surfacing relevant correlations across your entire data ecosystem. TruSTAR integrates with leading SIEM, case management, and orchestration tools to enable quick action on new information.
- Work with your threat intelligence sharing partners: You can use enclaves to selectively share and collaborate with partners and ISACs/ISAOs. Members from different organizations can use common Enclaves to submit, extract, redact, and exchange threat intelligence data into one safe environment and platform.