Chrome Extension (New Version)

Updated 4 months ago by Elvis Hovor


Searching and enriching IOCs is a core part of the SOC analyst workflow. To streamline it, we have developed a Chrome extension that lets users select text on any webpage open in Google Chrome and either query the TruSTAR platform for additional enrichment or submit the text as a report to their enclave in TruSTAR. Users are shown a summary of the enrichment available from TruSTAR. The extension also shows a deep link to the graph visualization, where you can conduct further analysis and review the additional context provided by the platform.

Use Case

Here are a few ways you can use the Chrome plugin to aid in investigations:

  • Submit and Share Data - Highlight text from any page in your browser like Twitter, OSINT blogs, or even other apps like ServiceNow to ingest intelligence into TruSTAR.
  • Search for IOC Matches - See something interesting? Query whether matching IOCs exist in TruSTAR and discover the number of reports that have correlations to that indicator.
  • Add Tags - If your team uses tags to track indicators you can add them easily with a highlight and a right-click.


TruSTAR's Chrome extension now works for Chrome browser versions 73.x and above. If you are on an older version of the Chrome browser, please reach out to TruSTAR support. To upgrade to the newest version, remove your old TruSTAR Chrome plugin (read Removing The Extension below) and reinstall the newest version from the Chrome Web Store (read Chrome Web Store Install).

Chrome Web Store Install

Users can download the extension directly from the Chrome Web Store. Please follow the Chrome Web Store instructions to add the extension to your browser.

When installing the Chrome extension through the web store, users will have to accept a notice allowing the TruSTAR extension to "read and change all the data on your websites you visit". This is a broad notice from Chrome that covers all extensions that have access to data on a webpage through Chrome. You can read what data TruSTAR reads from a Chrome page in the FAQ section below.

Manual Install

Please contact if you need to follow this process. We recommend installing our extension from the Chrome Web Store.
  1. Unzip TruSTAR Chrome on your local drive.
  2. Type chrome://extensions in your Chrome browser window.
  3. Make sure the Developer Mode box has been checked.
  4. Click the Load Unpacked Extension button.
  5. Navigate to the folder where you unpacked the TruSTAR Chrome extension and select it.
  6. You should see the TruSTAR Chrome extension installed successfully.

Configuration & Setup

  1. You should see the TruSTAR logo in the top right navbar of Chrome.
  2. Click on the TruSTAR icon.
  3. You should then see the following pop-up:
  4. Use your API key and API secret to enter your credentials. You can get your TruSTAR key and secret here: 

  5. Click the Save button.

Using the Chrome Extension

Search with TruSTAR 

  1. In your Chrome browser find an IOC of interest.
  2. Highlight the IOC and right-click the highlighted text.
  3. In the drop-down panel you will see “Search with TruSTAR”. Click on it.
  4. You will see the results populated in the extension window in the top right.

Submit Report to TruSTAR

  1. In your Chrome browser, highlight the text of interest to submit as a report to your enclave in TruSTAR.
  2. After highlighting the text, right-click and select “Submit Report to TruSTAR” from the drop-down panel.
  3. Fill out a report title.
  4. Select the enclave to submit the report to.
  5. Add any tags if needed and submit.
  6. You will see a status message in the extension window in the top right after the report is submitted to the enclave in TruSTAR.

Submit IOCs to TruSTAR

  1. In your Chrome browser, highlight the text containing the list of IOCs of interest.
  2. The IOC list will be submitted through TruSTAR's IOC management feature.
    Note: Only the IOCs in the highlighted text will be extracted and submitted to the enclave in TruSTAR.
  3. Select the enclave to submit the IOC list to.
  4. Add any tags if needed and submit.
  5. You will see a status message in the extension window in the top right after the list is submitted to the enclave in TruSTAR.
  6. You will also receive an email when the IOC list has been parsed and the submission is complete.

Removing The Extension

  1. Type in chrome://extensions in your Chrome browser window.
  2. Find the TruSTAR extension.
  3. Uncheck the Enabled box.
  4. Click on the Trash can icon to delete the extension.

Known Limitations

Currently the Chrome extension is only capable of querying the following IOC types: IP address, URL, MD5, SHA1, SHA256, email address.
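To preview which values in a selection fall into these six types before searching or submitting, the sketch below classifies highlighted text. It is an added example, not TruSTAR's own extraction code: the regular expressions, the refanging rules and the names extractIocs, refang and SAMPLE are assumptions made for illustration.

```javascript
// Added example: not TruSTAR's extraction code. Patterns are simplified assumptions.
// Order matters: URLs and emails are claimed first so an IP or hash inside them
// is not reported a second time.
const PATTERNS = [
  ["URL", /\bhttps?:\/\/[^\s<>"']+/gi],
  ["EMAIL", /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b/g],
  ["SHA256", /\b[a-fA-F0-9]{64}\b/g],
  ["SHA1", /\b[a-fA-F0-9]{40}\b/g],
  ["MD5", /\b[a-fA-F0-9]{32}\b/g],
  ["IP", /\b(?:\d{1,3}\.){3}\d{1,3}\b/g],
];

// Undo common "defanging" used in OSINT write-ups (assumed conventions).
function refang(text) {
  return text
    .replace(/hxxp(s?):\/\//gi, "http$1://")
    .replace(/\[\.\]|\(\.\)/g, ".")
    .replace(/\[@\]|\[at\]/gi, "@");
}

const validIp = (s) => s.split(".").every((o) => Number(o) <= 255);

function extractIocs(selection) {
  let work = refang(selection);
  const found = [];
  const seen = new Set();
  for (const [type, re] of PATTERNS) {
    work = work.replace(re, (m) => {
      let value = m;
      if (type === "URL") value = m.replace(/[.,;:)\]]+$/, ""); // trailing punctuation
      if (/^(MD5|SHA)/.test(type)) value = m.toLowerCase();
      if (type === "IP" && !validIp(value)) return m; // e.g. a version string
      if (!seen.has(type + "|" + value)) {
        seen.add(type + "|" + value);
        found.push({ type, value });
      }
      return " ".repeat(m.length); // mask so later patterns cannot re-match
    });
  }
  return found;
}

// Constructed sample selection (documentation address ranges, empty-file MD5).
const SAMPLE = `Beacon to hxxps://bad.example[.]com/gate.php from 203.0.113.7,
dropper md5 D41D8CD98F00B204E9800998ECF8427E, contact ops[@]example.org,
build 1.2.3.999 and bare domain plain.example are not reported.`;

console.log(extractIocs(SAMPLE));
```

Bare domains and the out-of-range dotted string are skipped here because they do not match any of the six listed types.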

Troubleshooting & FAQs

Q: If I come back to the Chrome app after some time I see a message "Credentials invalid or expired, fetching new token and trying again...". Is this an error?

A: The Chrome app uses OAuth tokens that last 10 minutes and then need to be revalidated. When you see this message, the app is retrieving new OAuth tokens and then completing the request. You should see a response that takes a bit longer than usual, around 5-7 seconds.

Q: What data can the extension access on a webpage?

A: The TruSTAR Chrome plugin can only access data that the user highlights or specifically selects to send to TruSTAR. Data is not automatically collected on any Chrome webpage without user approval.

Q: I am having issues inputting my API keys into the text fields to enable the extension.

A: Users who use 3rd party extensions such as Grammarly, Ghostery, etc. may run into this issue. We recommend turning these off while you set up this extension.

Please reach out to for any additional questions.
