TruSTAR Extension for Chrome

Updated 1 month ago by Elvis Hovor

This document explains how to install and use the TruSTAR extension for the Google Chrome browser.

This extension enables you to select text from any web page in Chrome and query TruSTAR Enclaves for enrichment or submit the text as an Intel Report to a TruSTAR Enclave. The extension links directly to that Intel Report in the TruSTAR Web App, where you can view the graph, conduct further analysis, and review the enrichment provided in TruSTAR.

  • Time to Install: 5 minutes

Features

Here are a few ways you can use the TruSTAR App for Chrome to aid in your investigations:

  • Submit and share data: Highlight text from any page in your browser, including Twitter, OSINT blogs, or other applications like ServiceNow, and send the text to TruSTAR for enrichment.
  • Search for Indicator matches: See something interesting? Query it to discover Intel Reports in TruSTAR that have correlations to that Indicator.
  • Add tags: If your team uses tags to track Indicators, you can easily add them by right-clicking on highlighted text.

Supported Indicators

The TruSTAR extension for Chrome can query the following Indicator types:

  • Email address
  • IP address
  • URL
  • MD5
  • SHA1
  • SHA256

Requirements

  • Google Chrome browser, version 73.x or higher.

Installing the App

TruSTAR recommends installing the extension directly from the Chrome Web Store.

Installing from the Web Store

  1. Download the TruSTAR extension from the Chrome Web Store.
  2. Follow the Chrome Web Store instructions to add the extension to your browser. 

When installing the Chrome extension through the Chrome Web Store, you must accept a notice to allow the TruSTAR extension to read and change all the data on the websites you visit. This is a standard Google notice that covers all extensions that have access to data on a webpage through Chrome.

The TruSTAR Workflow App can only access data that you highlight or specifically select to send to TruSTAR. TruSTAR does not automatically collect data on any webpage without your approval.

Manual Installation

  1. Download the TruSTAR extension from the Chrome Web Store.
  2. Unzip the TruSTAR Chrome Extension.zip file on your local drive.
  3. Type chrome://extensions in your Chrome browser window.
  4. Make sure the Developer Mode box has been checked.
  5. Click Load Unpacked Extension.
  6. Navigate to the folder where you unpacked the TruSTAR Chrome extension and select it.

Configuring the App

  1. Locate the TruSTAR logo in the top right navbar of Chrome.
  2. Click the TruSTAR icon.
  3. Enter your TruSTAR API key and API secret. See Finding your API Keys if you don't have that information handy.
  4. Click Save.

Using the App

You can use the TruSTAR Workflow App to:

  • Search Indicators in TruSTAR
  • Submit an Intel Report to TruSTAR
  • Submit a list of Indicators to TruSTAR

Searching for Indicators

  1. Highlight the text of interest and right-click to display a dropdown menu.
  2. On that menu, select TruSTAR and then click Search with TruSTAR.

You now see the search results populated in the popup in the top right of the browser.

Submitting an Intel Report

  1. Highlight the text of interest and then right-click to display a dropdown menu.
  2. On that menu, select TruSTAR and then click Submit Report to TruSTAR.
  3. Enter a report title.
  4. Select the Enclave where the report will be submitted.
  5. Add any tags (optional).
  6. Click Submit.

You now see the status message in the TruSTAR extension window, indicating that the report has been submitted to TruSTAR.

Submitting Indicators to TruSTAR

  1. Highlight the Indicators you want to submit to TruSTAR, then right-click to display a dropdown menu.
  2. On that menu, choose Submit IOC to TruSTAR.
  3. Select the Enclave where you want to submit the Indicators and add any tags desired.
  4. Click Submit to send the text to TruSTAR. The IOC list is submitted through TruSTAR's Bulk Upload feature.  

You now see a status message in the TruSTAR extension window in the top right, showing that the Indicators have been submitted to TruSTAR. You will receive an email when the list has been processed.

Only the Indicators in the highlighted text will be extracted and submitted to TruSTAR.
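
To preview which Indicators a highlighted selection would yield before you submit it, the added example below (not TruSTAR's own extraction code) pulls the six supported Indicator types out of a block of text. The regular expressions, the extractIndicators name, and the sample text are assumptions constructed for illustration; TruSTAR's own extraction rules may differ.

```javascript
// Added example, not TruSTAR code. Patterns are assumptions for the six
// Indicator types listed under "Supported Indicators".
const PATTERNS = [
  // URLs and emails go first so their hosts are not reported again as IPs.
  ['URL', /\bhttps?:\/\/[^\s"'<>]+/gi],
  ['Email address', /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b/g],
  ['IP address', /\b(?:\d{1,3}\.){3}\d{1,3}\b/g],
  ['SHA256', /\b[a-f0-9]{64}\b/gi],
  ['SHA1', /\b[a-f0-9]{40}\b/gi],
  ['MD5', /\b[a-f0-9]{32}\b/gi],
];

function extractIndicators(selection) {
  let remaining = selection;   // matched spans are blanked out as we go
  const seen = new Set();      // de-duplicates repeated Indicators
  const found = [];
  for (const [type, re] of PATTERNS) {
    remaining = remaining.replace(re, (match) => {
      // Drop sentence punctuation that trails a URL; normalise case elsewhere.
      const value = type === 'URL'
        ? match.replace(/[.,;:!?)\]]+$/, '')
        : match.toLowerCase();
      // Reject dotted quads with an octet above 255.
      if (type === 'IP address' &&
          !value.split('.').every((octet) => Number(octet) <= 255)) {
        return match;
      }
      const key = `${type}:${value}`;
      if (!seen.has(key)) {
        seen.add(key);
        found.push({ type, value });
      }
      return ' '.repeat(match.length);
    });
  }
  return found;
}

// Constructed sample selection (documentation addresses and well-known empty-input hashes).
const SAMPLE = [
  'Phish from billing@example.com linked to http://203.0.113.7/invoice.php.',
  'Dropper MD5 d41d8cd98f00b204e9800998ecf8427e, also seen from 198.51.100.23',
  'and 999.10.10.10 (not a valid address). SHA256:',
  'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855',
].join('\n');

console.log(extractIndicators(SAMPLE));
```

Results are grouped by type in pattern order, and the IP address inside the URL is reported only as part of the URL.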

Removing The Extension

  1. Type chrome://extensions in your Chrome browser window.
  2. Locate the TruSTAR extension.
  3. Uncheck the Enabled box.
  4. Click the Trashcan icon to delete the extension.

FAQ

Q: How do I upgrade my TruSTAR App?

A: To upgrade to the newest version, remove the old TruSTAR App and install the newest version from the Chrome Web Store.

Q: Why do I see a Credentials invalid or expired... message?

A: The TruSTAR App uses OAuth tokens that need to be revalidated after 10 minutes. When you see this message, the extension is retrieving new OAuth tokens and then completing the request. This may delay a response by 5-7 seconds.

Q: I can't input my API keys into the text fields.

A: Using third-party browser extensions such as Grammarly or Ghostery may cause this issue. Try turning off these extensions while installing and configuring the TruSTAR App.

Please reach out to support@trustar.co for any additional questions.

