TruSTAR Extension for Chrome

Updated 8 months ago by TruSTAR

This document explains how to install and use the TruSTAR extension for the Google Chrome browser. This extension enables you to select text from any web page in Chrome and query TruSTAR for enrichment or submit the text to TruSTAR as an Intelligence Report.

  • Time to Install: 5 minutes

Features

Here are a few ways you can use the TruSTAR App for Chrome to aid in your investigations:

  • Submit data to TruSTAR: Highlight text from any page in your browser, including Twitter, OSINT blogs, or other applications and send that text to TruSTAR for enrichment.
  • Search for Observable matches: See something interesting? Query it to discover if TruSTAR has correlations to that item.
  • Add tags: If your team uses tags to track Observables, you can easily add them by right-clicking on highlighted text.

Supported Observables

The TruSTAR extension for Chrome extension can query the following Observable types:

  • Email address
  • IP address
  • URL
  • MD5
  • SHA1
  • SHA256

Requirements

  • Google Chrome browser, version 73.x or higher.

Installing the Extension

TruSTAR recommends installing the extension directly from the Chrome Store.

Installing from the Web Store

  1. Download the TruSTAR extension from the Chrome Web Store.
  2. Follow the Chrome Web Store instructions to add the extension to your browser. 

When installing the Chrome extension through the web store, you must accept a notice to allow the TruSTAR extension to read and change all the data on your websites you visit. This is a standard Google notice that covers all extensions that have access to data on a webpage through Chrome.

The TruSTAR Web App can only access data that you highlight or specifically select to send to TruSTAR. TruSTAR does not automatically collect data on any webpage without your approval.

Manual Installation

  1. Download the TruSTAR extension from the Chrome Web Store.
  2. Unzip the TruSTAR Chrome Extension.zip file on your local drive.
  3. Type chrome://extensions in your Chrome browser window.
  4. Make sure the Developer Mode box has been checked.
  5. Click Load Unpacked Extension.
  6. Navigate to the folder where you unpacked the TruSTAR Chrome extension and select it.

Configuring the Extension

  1. Locate the TruSTAR logo in the top right navbar of Chrome.
  2. Click the TruSTAR icon.
  3. Enter your TruSTAR API key and API secret. See Finding your API Keys if you don't have that information handy.
  4. Click Save.

Using the Extension

You can use the Chrome extension to

  • Search for Indicators in TruSTAR
  • Submit an Intelligence Report to TruSTAR
  • Submit a list of Indicators to TruSTAR

Searching for Observables

  1. Highlight the text of interest and right-click to display a dropdown menu.
  2. On that menu, select TruSTAR and then click Search with TruSTAR.You now see the search results in the popup at the top right of the browser.

Submitting an Intelligence Report

  1. Highlight the text of interest and then right-click to display a dropdown menu.
  2. On that menu, select TruSTAR and then click Submit Report to TruSTAR.
  3. Enter a report title.
  4. Select the Enclave where the report will be submitted.
  5. Add any tags (optional).
  6. Click Submit.

You now see the status message in the TruSTAR extension window, indicating that the report has been submitted to TruSTAR.

Submitting Observables

  1. Highlight the the observable you want to submit to TruSTAR then right-click to display a dropdown menu.
  2. On that menu, choose Submit IOC to TruSTAR.
  3. Select the Enclave where you want to submit the Observables and add any tags desired.
  4. Click Submit to send the text to TruSTAR.

You now see a status message in the TruSTAR extension window in the top right, showing that the item has been submitted to TruSTAR. You will receive an email when the item has been processed.

Only the Observables in highlighted text are extracted and submitted to TruSTAR.

Removing the Extension

  1. Type chrome://extensions in your Chrome browser window.
  2. Locate the TruSTAR extension.
  3. Uncheck the Enabled box.
  4. Click the Trashcan icon to delete the extension.

FAQ

Q. How do I upgrade my TruSTAR Extension?

A. To  upgrade to the newest version, remove the old TruSTAR App and install the newest version from the Chrome store.

Q. Why do I see a Credentials invalid or expired... message?

A: The TruSTAR App uses OAuth tokens that need to be revalidated after 10 minutes. When you see this message, the extension is retrieving new OAuth tokens and then completing the request. This may delay a response by 5-7 seconds.

Q: I can't input my API keys into the text fields.

A: Using third-party browser extensions such as Grammarly or Ghostery may cause this issue. Try turning off these extensions while installing and configuring the TruSTAR App.

Please reach out to support@trustar.co for any additional questions.


How Did We Do?