Overview: Partner Resources
Welcome to TruSTAR's Partner Resources. This section introduces and explains how you can create an integration between your workflow tools and the TruSTAR platform. The enriched data in TruSTAR enclaves can be ingested by third-party tools to provide four powerful ways to enhance your investigations:
- Detect: Export data from TruSTAR into your SIEM workflow to provide more accurate and timely alerts.
- Triage: Prioritize suspicious emails by using TruSTAR to ingest emails, then extract and score indicators that are automatically sent to your orchestration workflow.
- Investigate: Dig deep into the data with TruSTAR’s Station Web App, then automate and streamline the exchange of data between TruSTAR and your cybersecurity tools.
- Disseminate: Validate and share information among internal teams, industry peers (ISACs/ISAOs) and other data systems.
TruSTAR Configuration Requirements
Every integtration needs to include basic information, including TruSTAR account information, whether or not a proxy is used, and the TruSTAR enclaves that will be accessed by the integration. The TruSTAR Configuration Requirements explains these in more detail.
When building an integration with TruSTAR, you choose what functionality to include. This may be based on your customer knowledge, the capabilities of your SIEM tools, or other factors. TruSTAR defines two levels of functionality for integrations:
- Recommended: The functions that provide the most complete and useful integrations
- Optional: The functions that enhance the integration but are not essential for it to be effective.
Integrations by Type
TruSTAR provides partner integration infomation for three different types of tools. Click on any link in the list below to learn more about the integration for that kind of toolset.