5.3 Capabilities: Search

Updated 2 years ago by TruSTAR

TruSTAR provides advanced search and filter capabilities that leverage attributes, tags, and notes attached to Indicators.  You can use the TruSTAR REST API or Web App to search for an Indicator and then view a summary or deep dive into Intelligence Reports or Events that contain that Indicator. 

You can filter Indicator search results by attribute or priority score, enabling you to fine-tune a group of Indicators to use as a detection set for security alerts. 

TruSTAR stores all Intelligence Reports, so you can also read the entire report(s) that contributed to the Indicator summary, providing additional context for your decision-making processes.

Related Links

How Did We Do?