Enclaves are secure data repositories used for storing, managing, and enriching sensitive events. A TruSTAR Enclave allows users to analyze and enrich investigations with trusted, relevant intelligence sources, including information shared by your partners and peers, while allowing you to maintain protective access controls.

You can use TruSTAR Enclaves to:

  • Operationalize external intelligence sources: You can quickly ingest external intelligence sources as Enclaves to enrich your cases.
  • Surface relevant intelligence: Enclaves allow you to segment duties among internal teams while surfacing relevant correlations across your entire data ecosystem. TruSTAR integrates with leading SIEM, case management, and orchestration tools to enable quick action on new information.  
  • Work with threat intelligence partners: You can use Enclaves to selectively share and collaborate with partners and ISACs/ISAOs. Members from different organizations can use common Enclaves to submit, extract, redact, and exchange threat intelligence data in one safe environment and platform.

Types of Enclaves

TruSTAR provides different types of Enclaves, described here by function.

Private Enclaves

You can create one or more private Enclaves that store Intel Reports and Indicators from your own investigations. You can use Enclaves to store one or many types of events, depending on your needs.

Community Enclave

The TruSTAR Community Enclave is available to all users, and anyone can submit information to this Enclave.

Intelligence Source Enclaves

When you subscribe to an external intelligence source, such as IBM QRadar or FS-ISAC, the intelligence that source provides is stored in its own Enclave, one per source. This enables you to pick and choose the intelligence sources you want to use when conducting investigations.

For more information, see the Intro to Intelligence Source Integrations.

Enclave Limits

There are no limitations on the amount of data that can be stored in an Enclave.

TruSTAR does limit each event or Intel Report submitted through an internal/external feed to 500 Indicators. You can use the bulk upload feature to upload, tag, and categorize up to 10,000 Indicators at a time.

