Chrome Extension (New Version)

Updated 1 week ago by Elvis Hovor

Introduction

Searching and enriching IOCs is a core part of the SOC analyst workflow. To streamline it, we have developed a Chrome extension that lets users select text on any webpage they are viewing in Google Chrome and either query the TruSTAR platform for additional enrichment or submit the text as a report to their enclave in TruSTAR. Users are shown a summary of the enrichment available from TruSTAR. The extension also shows a deep link to the graph visualization, where you can conduct further analysis and review the additional context provided by the platform.

Installation

Chrome Web Store Install

Users can download the extension directly from the Chrome Web Store. Please follow the Chrome Web Store instructions to add the extension to your browser.

When installing the Chrome extension through the web store, users will have to accept a notice to allow the TruSTAR extension to "read and change all the data on your websites you visit". This is a broad notice from Chrome that covers all extensions that have access to data on a webpage through Chrome. You can read what data TruSTAR reads from a Chrome page in the FAQ section below.


Manual Install

Please contact support@trustar.co if you need to follow this process. We recommend installing our extension from the Chrome Web Store.
  1. Unzip TruSTAR Chrome Extension.zip on your local drive.
  2. Type in chrome://extensions in your Chrome browser window.
  3. Make sure the Developer Mode box has been checked.
  4. Click on the Load Unpacked Extension button.
  5. Navigate to the folder where you unpacked the TruSTAR Chrome extension and select it.
  6. You should see the TruSTAR Chrome extension installed successfully.

Configuration & Setup

  1. You should see the TruSTAR logo in the top right navbar of Chrome.
  2. Click on the TruSTAR icon.
  3. You should then see the following pop-up:
  4. Use your API key and API secret to enter your credentials. You can get your TruSTAR key and secret here: https://station.trustar.co/settings/api
  5. Click on the Save button.

Using the Chrome Extension

Search with TruSTAR 

  1. In your Chrome browser find an IOC of interest.
  2. Highlight the IOC and right click on the highlighted text.
  3. In the drop down panel you will see “Search with TruSTAR”. Click on it.
  4. You will see the results populated in the extension window in the top right.

Submit Report to TruSTAR

  1. In your Chrome browser, highlight the text of interest to submit as a report to your enclave in TruSTAR.
  2. After highlighting the text, right-click and select “Submit Report to TruSTAR” from the drop-down panel.
  3. Fill out a report title.
  4. Select the enclave to submit the report to.
  5. Add any tags if needed and submit.
  6. You will see a status message in the extension window in the top right after the message is submitted to the enclave in TruSTAR.

Submit IOCs to TruSTAR

  1. In your Chrome browser, highlight the text containing the list of IOCs of interest.
  2. The IOC list will be submitted through TruSTAR's IOC management feature.
    Note: Only the IOCs in the highlighted text will be extracted and submitted to the enclave in TruSTAR.
  3. Select the enclave to submit the IOC list to.
  4. Add any tags if needed and submit.
  5. You will see a status message in the extension window in the top right after the message is submitted to the enclave in TruSTAR.
  6. You will also receive an email when the IOC list has been parsed and the submission is complete.

Removing the Extension

  1. Type in chrome://extensions in your Chrome browser window.
  2. Find the TruSTAR extension.
  3. Uncheck the Enabled box.
  4. Click on the Trash can icon to delete the extension.

Known Limitations

Currently the Chrome extension is only capable of querying the following IOC types: IP address, URL, MD5, SHA1, SHA256, email address.
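
To check in advance which parts of a selection fall into the six queryable IOC types listed above, text can be classified as in the following added example. It is not TruSTAR's extension code or extraction logic; the function name `extractIocs`, the regular expressions (IPv4 only, http/https URLs only) and the sample text are assumptions constructed for illustration.

```javascript
// Added example: NOT TruSTAR's extraction logic. Patterns are simplified assumptions
// (IPv4 only, http/https URLs only) covering the six IOC types listed above.
const PATTERNS = [
  // Order matters: each match is blanked out so later patterns cannot re-match it,
  // e.g. an IP or hash inside a URL is reported once, as part of the URL.
  ["URL", /\bhttps?:\/\/[^\s"'<>]+/gi],
  ["EMAIL", /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b/g],
  ["SHA256", /\b[a-fA-F0-9]{64}\b/g],
  ["SHA1", /\b[a-fA-F0-9]{40}\b/g],
  ["MD5", /\b[a-fA-F0-9]{32}\b/g],
  ["IP", /\b(?:\d{1,3}\.){3}\d{1,3}\b/g],
];

// Returns [{ type, value }] for every distinct IOC found in the selected text.
function extractIocs(text) {
  const found = [];
  const seen = new Set();
  let remaining = text;
  for (const [type, regex] of PATTERNS) {
    remaining = remaining.replace(regex, (match) => {
      let value = match;
      // Sentence punctuation glued to a URL is not part of the indicator.
      if (type === "URL") value = value.replace(/[.,;:!?)\]]+$/, "");
      // Reject dotted quads with an octet above 255 and leave them in place.
      if (type === "IP" && !value.split(".").every((o) => Number(o) <= 255)) return match;
      // URL paths are case-sensitive; hashes and email addresses are lowercased.
      if (type !== "URL") value = value.toLowerCase();
      const key = `${type}:${value}`;
      if (!seen.has(key)) {
        seen.add(key);
        found.push({ type, value });
      }
      return " ".repeat(match.length);
    });
  }
  return found;
}

// Constructed sample selection (documentation addresses, hashes of empty input).
const SAMPLE = `Beacon to http://203.0.113.7/gate.php, then mail from
billing@example.com. Dropper MD5 d41d8cd98f00b204e9800998ecf8427e,
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709, resolver 198.51.100.23,
bad octets 999.10.10.10, SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`;

for (const { type, value } of extractIocs(SAMPLE)) console.log(type.padEnd(6), value);
```

Anything in a selection that this classification does not pick up, such as the malformed address in the sample, is outside the six types above.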

Troubleshooting & FAQs

Q: What data can the extension access on a webpage?

A: The TruSTAR Chrome plugin can only access data that the user highlights or specifically selects to send to TruSTAR. Data is not automatically collected on any Chrome webpage without user approval.

Please reach out to support@trustar.co for any additional questions.
