Chrome Extension

Updated 1 month ago by Elvis Hovor

This document explains how to install and use the TruSTAR extension for the Google Chrome browser.

This extension enables you to select text from any webpage in Chrome and query the TruSTAR platform for additional enrichment or to submit the text as a report to an enclave in TruSTAR. The extension will show a deeplink directly to that report in TruSTAR, where you can view the graph visualization, conduct further analysis, and review the additional context provided in TruSTAR Station.

  • Time to Install: 5 minutes

Data Types

The TruSTAR extension for Chrome extension can query the following IOC types:

  • IP address
  • URL
  • MD5
  • SHA1
  • SHA256
  • Email address

Features

Here are a few ways you can use the Chrome plugin to aid in investigations:

  • Submit and Share Data: Highlight text from any page in your browser like Twitter, OSINT blogs, or even other apps like ServiceNow, then send them to TruSTAR for for enrichment.
  • Search for IOC Matches: See something interesting? Query it to see if matching IOCs exists in TruSTAR and discover reports that have correlations to that indicator.
  • Add Tags: If your team uses tags to track indicators, you can add them easily with a highlight and a right-click.

Requirements

  • Google Chrome browser, version 73.x or higher.

Installing the Extension

TruSTAR recommends installing the extension directly from the Chrome Web Store.

Installing from the Web Store

  1. Download the TruSTAR extension from the Chrome Web Store.
  2. Follow the Chrome Web Store instructions to add the extension to your browser. 

When installing the chrome extension through the web store, you must accept a notice to allow the TruSTAR extension to read and change all the data on your websites you visit. This is a standard Google notice that covers all extensions that have access to data on a webpage through Chrome. You can read what specific data TruSTAR reads from a Google Chrome page in the FAQ section later in this document.

Manual Installation

  1. Unzip TruSTAR Chrome Extension.zip on your local drive.
  2. Type chrome://extensions in your Chrome browser window.
  3. Make sure the Developer Mode box has been checked.
  4. Click Load Unpacked Extension.
  5. Navigate to the folder where you unpacked the TruSTAR Chrome extension and select it.

Configuring the Extension

  1. Locate the TruSTAR logo in the top right navbar of Chrome.
  2. Click the TruSTAR icon.
  3. Enter your TruSTAR API key and API secret. You can locate your TruSTAR key and secret here: https://station.trustar.co/settings/api 
  4. Click Save.

Using the Extension

You can use this extension to

  • Search IOCs in TruSTAR
  • Submit a report to TruSTAR
  • Submit a list of IOCs to TruSTAR

Searching IOCs

  1. In your Chrome browser find an IOC of interest.
  2. Highlight the IOC and right-click on the highlighted text.
  3. On the dropdown menu, select TruSTAR and then click Search with TruSTAR.
  4. You see the search results populated in the extension window in the top right.

Submitting a Report

  1. In your Chrome browser, highlight the text you want to submit to TruSTAR.
  2. Right-click on the highlighted text to display a dropdown menu.
  3. On the dropdown menu, select TruSTAR and then click Submit Report to TruSTAR.
  4. Enter a report title.
  5. Select the enclave where the report will be submitted.
  6. Add any tags (optional).
  7. Click Submit.

You now see the status message in the TruSTAR extension window, indicating that the report has been submitted to TruSTAR.

Submitting IOCs to TruSTAR

  1. In your Chrome browser highlight the text with a list of IOC's of interest. 
  2. The IOC list will be submitted through TruSTAR's IOC management feature 
    Note: Only the IOC's in the highlighted text will be extracted and submitted into enclave in TruSTAR
  3. Select enclave to submit IOC list. 
  4. Add any tags if needed
  5. Click Submit.

You now see a status message in the TruSTAR extension window in the top right, indicating that the IOCs have been submitted to TruSTAR.. You will receive an email when the IOC list has been parsed and the submission is complete.

Removing The Extension

  1. Type chrome://extensions in your Chrome browser window.
  2. Locate the TruSTAR extension.
  3. Uncheck the Enabled box.
  4. Click the Trashcan icon to delete the extension.

FAQ

Q. How do I upgrade from an earlier TruSTAR extension?

A. To  upgrade to the newest version, remove your old TruSTAR chrome plugin (read Removing The Extension below) and re install the newest version in the chrome store (read Chrome Web Store Install).

Q. Why do I see a Credentials invalid or expired... message?

A: The TruSTAR extension uses OAuth tokens that last 10 minutes and then need to be revalidated. When you see this message, the extension is retrieving new OAuth tokens and then completing the request. This may delay a response by 5-7 seconds.

Q: What data can the TRUSTAR extension access on a webpage?

A: The TruSTAR extension can only access data that you highlight or specifically select to send to TruSTAR. Data is not automatically collected on any webpage without your approval.

Q: I can't input my API keys into the text fields.

A: Users who use 3rd party extensions such as Grammarly, Ghostery, etc. may run into this issue. Try turning off these extensions while installing and configuring the TruSTAR extension.

Q. How do I manually install this extension?

  1. Unzip TruSTAR Chrome Extension.zip on your local drive.
  2. Type chrome://extensions in your Chrome browser window.
  3. Make sure the Developer Mode box has been checked.
  4. Click Load Unpacked Extension.
  5. Navigate to the folder where you unpacked the TruSTAR Chrome extension and select it.

Please reach out to support@trustar.co for any additional questions.


How Did We Do?