Chrome Extension

Updated 1 month ago by Elvis Hovor

Introduction

Searching and enriching IOCs is a core part of the SOC analyst workflow. To streamline this workflow, we have developed a Chrome extension that lets users select text on any webpage they are viewing in Google Chrome and query the TruSTAR platform for additional enrichment. Users are shown a summary of the enrichment available from TruSTAR. The extension also shows a deep link that takes you to the graph visualization, where you can conduct further analysis and review the additional context provided by the platform.

Easy Install

Users can download the extension directly from the Chrome Web Store. Please follow the Chrome Web Store instructions to add it to your browser.

Manual Install

Please contact support@trustar.co if you need to follow this process. We recommend installing our extension from the Chrome Web Store.
  1. Unzip TruSTAR Chrome Extension.zip on your local drive.
  2. Type in chrome://extensions in your Chrome browser window.
  3. Make sure the Developer Mode box has been checked.
  4. Click on the Load Unpacked Extension button.
  5. Navigate to the folder where you unpacked the TruSTAR Chrome extension and select it.
  6. You should see the TruSTAR Chrome extension installed successfully.

Configuration & Setup

  1. You should see the TruSTAR logo in the top right navbar of Chrome.
  2. Click on the TruSTAR icon.
  3. You should then see the following pop-up:
  4. Use your API key and API secret to enter your credentials. You can get your TruSTAR key and secret here: https://station.trustar.co/settings/api NOTE: You will only be able to paste one of the two values, because navigating away from the extension closes the window and loses the pasted data. Paste either the secret or the key and type the other.
  5. Click on the Save button.

Using the Chrome Extension

  1. In your Chrome browser find an IOC of interest.
  2. Highlight the IOC and right click on the highlighted text.
  3. In the drop down panel you will see “Search with TruSTAR”. Click on it.
  4. You will see the results populated in the extension window in the top right.

Removing the Extension

  1. Type in chrome://extensions in your Chrome browser window.
  2. Find the TruSTAR extension.
  3. Uncheck the Enabled box.
  4. Click on the Trash can icon to delete the extension.

Known Limitations

Currently the Chrome extension is only capable of querying the following IOC types: IP address, URL, MD5, SHA1, SHA256, email address. We will be adding support for other IOC types in an update to be released soon.
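To check whether a highlighted string falls into one of the six supported types before searching, the following function classifies a selection or returns null. It is an added example, not TruSTAR's code and not how the extension itself decides; the function names, the patterns, the IPv4-only check and the choice to reject bare hostnames are assumptions.

```javascript
// Added example: map a highlighted string to one of the six IOC types the
// page lists as supported, or null. All patterns below are assumptions.
const HASH_BY_LENGTH = { 32: 'MD5', 40: 'SHA1', 64: 'SHA256' };

// Assumption: only dotted-quad IPv4 is checked; each octet must be 0-255.
function isIPv4(s) {
  const parts = s.split('.');
  return parts.length === 4 &&
    parts.every(p => /^(0|[1-9]\d{0,2})$/.test(p) && Number(p) <= 255);
}

function classifyIoc(selection) {
  // Text selected on a page often carries whitespace or trailing punctuation.
  const s = selection.trim().replace(/[.,;)\]]+$/, '');
  if (s === '') return null;

  // Hex digests are told apart by length alone.
  if (/^[0-9a-f]+$/i.test(s) && HASH_BY_LENGTH[s.length]) {
    return HASH_BY_LENGTH[s.length];
  }
  if (isIPv4(s)) return 'IP address';
  if (/^[^\s@]+@[a-z0-9-]+(\.[a-z0-9-]+)+$/i.test(s)) return 'email address';

  // Assumption: a URL needs an explicit http(s) scheme; bare hostnames are
  // not treated as URLs because the page does not list domains as a type.
  try {
    const u = new URL(s);
    if ((u.protocol === 'http:' || u.protocol === 'https:') && u.hostname) {
      return 'URL';
    }
  } catch (_) { /* not an absolute URL */ }

  return null; // none of the six supported types
}
```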

Troubleshooting & FAQs

Please reach out to support@trustar.co for any additional questions.
