Enclaves

Updated 2 weeks ago by Elvis Hovor

Enclaves are secure data repositories used for storing and managing data. An Enclave enables you to analyze and enrich investigations with trusted, relevant intelligence sources, including information shared by your partners and peers, while allowing you to maintain protective access controls.

Types of Enclaves

TruSTAR provides different types of Enclaves you can use, depending on your needs.

Private Enclaves

A private Enclave stores your internal data in TruSTAR. No one outside of your organization can access your private Enclaves. You can set up multiple Enclaves to meet your needs. For example, you might have one Enclave that stores uploaded lists of IP addresses you have collected from previous investigations and a second Enclave that stores email addresses that your organization has determined belong to spammers.

You can use one Enclave to store source data, copy the enriched data to a different (vetted) Enclave, and then use the vetted Enclave's data in your investigations. For example, Phishing Triage uses a Phishing Enclave to store submitted emails and then copies emails that have been enriched to the Phishing Vetted Indicators Enclave.

Public Enclaves

A public Enclave is one that is shared across organizations and is available to any TruSTAR customer. For example, the COVID-19 OSINT Community Enclave is a public Enclave, created by TruSTAR to aid in identifying bad actors and malicious data related to the COVID-19 pandemic. When copying data from a private Enclave to a public Enclave, you can choose to redact information to protect the privacy of sources.

The TruSTAR Community Enclave is available to all users, and anyone can submit information to this Enclave.

Intelligence Source Enclaves

When you subscribe to an external intelligence source, such as IBM QRadar or FS-ISAC, the intelligence they provide is stored in separate Enclaves, one per source. This enables you to pick and choose the intelligence sources you want to use when conducting investigations.

For more information, see the Intro to Intelligence Source Integrations.

Selecting Enclaves

The Filter and Refine panel lists the Enclaves you have access to by type.

| Filter | Description |
| --- | --- |
| My Enclaves | Lists the Enclaves that you own or that have been shared with you by others. |
| Premium Intel | External intelligence sources that require a subscription to access and use. These include Premium Intelligence and Open Sources. |
| Open Sources (OSINT) | External intelligence sources that are free to all users. You may need to register with a specific organization to gain access to an Enclave. |

Enclave Limits

There are no limitations on the amount of data that can be stored in an Enclave.

TruSTAR does have a limit of 500 Indicators per event or Intel Report submitted through an internal/external feed. You can use the bulk upload feature to upload, tag, and categorize up to 10,000 Indicators at a time.

