Install

Updated 2 days ago by Elvis Hovor

This document explains how to install and configure the TruSTAR v2 Workflow App for Demisto.

The TruSTAR Workflow App for Demisto automatically sends triggered playbook tasks to TruSTAR for enrichment, and then sends back linked information to Demisto. You can search Indicators directly from Demisto to get relevant data throughout every step of your workflow.

Time to Install: 15-30 minutes for installation from the Demisto marketplace.

Features

  • Submit open cases in Demisto to your TruSTAR enclave. The link to the TruSTAR Intel Report is automatically added to the Demisto case.
  • Enrich intelligence in open Demisto cases by querying TruSTAR Enclaves.
  • Create playbooks to automate intelligence gathering, using TruSTAR API calls. You can also use those API calls in Demisto's War Room.

Requirements

The following requirements and components need to be installed and activated for TruSTAR integration to work with Demisto

  • Demisto Server v3.6 to 4.0 (more info here)
  • Demisto Agent (D2) (more info here)
  • Demisto Engine (more info here)
While the TruSTAR integration requires no special port allocations or firewall exceptions, you do need to follow firewall and port guidelines for installing Demisto. Check here for details. For certain functions, the TruSTAR Workflow App will need access to station.trustar.co over port 443.

Installing and Configuring the TruSTAR Workflow App

  1. Login to your Demisto installation.
  2. Select Settings -> Integrations ->Servers and Services and type TruSTAR v2 in the search integration text box.
  3. Click Add Instance to install the TruSTAR Workflow App. You now see a Configuration dialog box.
  4. Enter the parameters explained in the table below.

Configuration Parameter

Required

Description

server

Yes

TruSTAR API URL. Enter https://api.trustar.co\

station

Yes

TruSTAR Station URL. Enter https://station.trustar.co

key

Yes

TruSTAR API Key Finding Your API Keys

secret

Yes

TruSTAR API Secret Key Finding Your API Keys

insecure

No

Trust any certificate.

proxy

No

Use system proxy settings.

  1. When you have finished entering the configuration parameters, click Test to check connectivity with TruSTAR.


How Did We Do?