Overview: Partner Resources
This section is designed to help you write a custom integration between your data and the TruSTAR platform. You can create integrations for three different types of third-party tools:
- Detection: Export data from TruSTAR into your detection workflow to provide more accurate and timely alerts.
- Case Management: Automate and streamline the exchange of data between TruSTAR and your cybersecurity tools.
- SOAR: Prioritize suspicious emails by using TruSTAR to ingest emails, then extract and score indicators that are then sent to your orchestration workflow.
With any integration, you can also choose to validate, redact, and share information among TruSTAR Enclaves. This means you can disseminate information to internal teams and industry peers (ISACs/ISAOs) that have access to those Enclaves.
Before You Begin
- Read the TruSTAR Product Overview so that you understand how the platform is structured.
- Make sure you have a TruSTAR account because you’ll need your TruSTAR API key and API Secret to build the integration.
- Choose the developer tools you want to use in coding your integration:
When building an integration with TruSTAR, you choose what functionality to include. This may be based on your customer knowledge, the capabilities of your detection tools, or other factors. TruSTAR defines two levels of functionality for integrations:
- Recommended: Functions that provide the most useful functionality for that type of tool. Think of this as "must have" functionality, such as submitting reports to TruSTAR and enriching Observables.
- Optional: Functions that enhance the integration but are not essential. For example, you may choose to share Observables or Reports, but it is not a "must have" for most integrations.
Every integration with TruSTAR needs basic information: TruSTAR account information, whether or not a proxy is used, and the TruSTAR Enclaves that the integration will access. The TruSTAR Configuration Requirements explains these in more detail.