Enrich Reports in TruSTAR

Updated 1 month ago by Sachit Soni

TruSTAR offers two API commands to search TruSTAR Enclaves for reports and receive all available enrichment about them, including data from external intelligence sources that the user has access to in TruSTAR.

Get Indicator Metadata

POST /1.3/indicators/metadata

Description: Provides metadata associated with indicators in a report, including type, value, priority level, count, sightings, first seen, last seen, Enclave IDs, and tags.

Get Indicator Summaries

POST /1.3/indicators/summaries

Description: Provides structured summaries about indicators in reports, which are derived from intelligence sources on the TruSTAR Marketplace that the user has access to.

Notes

The integration must include a configuration page where the user can define the following:

  • Ability to manually or automatically enrich a report. TruSTAR recommends providing a checkbox for automatic enrichment of reports.
  • Which Enclaves will be used for enrichment. TruSTAR recommends naming this field Enrichment Enclave IDs.

