Submitting a Report

Updated 5 days ago by Elvis Hovor

You can submit a report to TruSTAR in several different ways:

  • Enclave Email Inbox: Forward suspicious phishing emails or Trust Group OSINT data into TruSTAR to get added enrichment.
  • Google Chrome Extension: Highlight suspicious indicators in your browser to query if matching IOCs exists in TruSTAR. Highlight and right-click to submit data into TruSTAR. Learn more.
  • Slack App - Instantly query intelligence sources and submit data to TruSTAR to enrich investigations taking place in Slack conversations. Learn more.
  • Manual Submission - Upload any file formal directly via TruSTAR Station.

The rest of this document explain how to manually submit a report through TruSTAR Station.

Report submissions are limited to a maximum of 2,000 IOCs per report and a max file size of 2MB

Click on the “Submit” button seen in the top right of the interface. Select "Report" from the drop-down.

There are two ways to input data. The user can simply drag and drop a file into the Upload File field. File types that can be dragged and dropped include: JSON, DOC, DOCX, XML, XLS, XLSX, EML, MSG, CSV, PDF, STIX, TAXII and TEXT files.

Report Title will automatically be populated with the file name.

Incident Began is populated with the current date and time by default, but clicking in the field will allow the user to set the date. If the date the incident began is unknown check the box above the date field.

Before submitting a report, tags can be added in the tags field.

The user can also input incident report data is by clicking on the Paste Text tab, and either pasting data or typing the report directly into the field.

If a file is uploaded and corrections need to be made to the data, clicking on the Paste Text tab will allow the file to be edited.

Once the key information has been added click Next in the bottom center of the page.

Redaction

On the review page, a natural language processing tool will scan the document and provide a count of possible items to redact on the right.

Report data can be reviewed in the Original Content window. Hovering over those items will bring up a “Redact as..” (1) button that can be clicked to redact the item. Any item that has been redacted will be red in color and hovering over the item will show the original data that was redacted (2).

There are two additional methods for redacting sensitive data in a report and both rely on the redaction library panel on the right.  

  1. A user can highlight text in the Original Content window then click on the Redact Selected Text button on the right.
  2. Users can also manually add redaction items by submitting a text or CSV file for a bulk upload of terms under settings, or by selecting one of the headings and typing in the terms that should be redacted.

All items are permanently stored in the user’s redaction library and will be automatically redacted in future reports to save time. If there is ever a need to review redacted items, they can be exported via the Export button on the right.


How Did We Do?