Enrich Reports in TruSTAR
TruSTAR offers two API commands to search TruSTAR Enclaves for reports and receive all available enrichment about them, including data from external intelligences sources that the user has access to in TruSTAR.
Get Indicator Metadata
Description: Provide metadata associated with indicators in a report, including type, value, priority level, count, sightings, first seen, last seen, Enclave IDs, and tags.
Get Indicator Summaries
Description: Provides structured summaries about indicators in reports, which are derived from intelligence sources on the TruSTAR Marketplace that the user has access to.
The integration must include a configuration page where the user can define the following:
- Ability to manually or automatically enrich an report. TruSTAR recommends providing a checkbox for automatic enrichment of reports.
- Which Enclaves will be used for enrichment. TruSTAR recommends naming this field Enrichment Enclave IDs.