Submitting a Report
You can submit a report to TruSTAR in several different ways:
- Enclave Inbox: Forward suspicious phishing emails or Trust Group OSINT data into TruSTAR to get added enrichment.
- Google Chrome Extension: Highlight suspicious indicators in your browser to query if matching IOCs exists in TruSTAR. Highlight and right-click to submit data into TruSTAR.
- Slack App - Instantly query intelligence sources and submit data to TruSTAR to enrich investigations taking place in Slack conversations.
- Manual Submission - Upload any file formal directly via the TruSTAR Web App.
Manually Submitting a Report
- Click Submit in the top right of the main screen, then choose Report from the drop-down.
- Enter text in the Report Title field. If you are going to upload a file, you can leave this field blank and the title will automatically be populated with that file name.
- Set the Incident Began information. If you don't know the date, click the Unknown checkbox above.
- Add any tags you want to include in the Tags field.
- Input data for the report. There are two ways to input data:
- Upload data from a file. You can drag and drop a file into the Upload File field. You can upload any of these file types: JSON, DOC, DOCX, XML, XLS, XLSX, EML, MSG, CSV, PDF, STIX, TAXII, TEXT.
- Click Paste Text and then either paste text into the field or type directly into the field. pasting data or typing the report directly into the field.
- After you have added this data, click Next.
- Use the Submit to Enclave dropdown list to choose the enclave where you want to store the report.
- Click Email Incident Report if you want to send a copy of the report to specific addresses. See Emailing a Report for more details on this option.
- Redact the information from the report, if desired. For details on redacting information, see Redacting Data from a Report.
- Click Submit Report to finish your entry and submit the report to the enclave you selected.