Overview: Indicators

Updated 1 year ago by TruSTAR

As a security professional, you collect pieces of information, such as cases, reports, or emails that contain data about an event on a network or device. TruSTAR extracts these Observables and then enriches and scores them to provide deeper context and intelligence. These Indicators help you determine if there is harmful activity on a network, such as a security breach or other suspicious incident.

Viewing Indicators

The IOCs Panel is where you work with Indicators, either as a list you can filter and sort, or by viewing the details of a specific Indicator. You access the IOCs panel by clicking the IOCs icon in the Navigation Bar.

The IOCs panel has two views, each with a separate purpose:

  • List View: Displays a list of Indicators that match the current filters you have set. This is the default view. You can always return to the list by clicking on the IOC icon in the Navigation Bar.
  • Graph View: Provides a detailed look at a selected Indicator. To see an Indicator in Graph view, click on its title while in List View.

Managing Indicators

Indicators are critical to making accurate decisions throughout the investigative workflow, but effectively managing large numbers of them can be a daunting challenge. TruSTAR streamlines Indicator management throughout the entire workflow, with support for:
