Fetch Indicator Metadata

Updated 6 days ago by Elvis Hovor

Description

In the TruSTAR App for Demisto, this command returns the metadata associated with a list of Indicators, including value, indicatorType, noteCount, sightings, lastSeen, enclaveIds, and tags.

Format

trustar-indicators-metadata

Example

!trustar-indicators-metadata indicators=37.26.xx.yyy

Inputs

| Argument | Description | Required |
| --- | --- | --- |
| indicators | Comma-separated Indicators. See: Supported Indicators | Yes |
| enclave_ids | List of enclave IDs to search. The default is to search all Enclaves that you have read access to. See: Finding Enclave IDs | No |

Outputs

| Path | Type | Description |
| --- | --- | --- |
| TruSTAR.IndicatorsMetadata.notes | string | Indicator notes |
| TruSTAR.IndicatorsMetadata.indicatorType | string | Indicator type |
| TruSTAR.IndicatorsMetadata.firstSeen | Date | Indicator first seen value |
| TruSTAR.IndicatorsMetadata.correlationCount | Number | Indicator correlation count |
| TruSTAR.IndicatorsMetadata.value | string | Indicator value |
| TruSTAR.IndicatorsMetadata.lastSeen | Date | Indicator last seen value |
| TruSTAR.IndicatorsMetadata.tags | string | Indicator tags |
| TruSTAR.IndicatorsMetadata.enclaveIds | string | Enclave IDs where indicator is present |
| File.Name | string | The full file name (including file extension). |
| <indicator> | string | Supported Indicators |
| DBotScore.Indicator | string | The indicator we tested |
| DBotScore.Type | string | The type of the indicator |
| DBotScore.Vendor | string | Vendor used to calculate the score |
| DBotScore.Score | number | The actual score |

