Overview: Indicator Prioritization Intel Workflow

Updated 11 months ago by TruSTAR

The Indicator Prioritization Intel Workflow is a no-code data pipeline designed to automate the extraction, transformation, and sharing of Indicators that meet your specific requirements.

You can set up multiple Intel Workflows to pinpoint responses or target data to specific tools in your cybersecurity setup. Intel Workflows can reduce data wrangling, accelerate intelligence automation, and reduce false positives, making your team and your processes more efficient and more effective in making security decisions. For example, you may want one Intel Workflow to identify common malware Indicators and share that with one of your cybersecurity tools while another Intel Workflow rates and ranks IP addresses and domain names.

You must be a Company Administrator in TruSTAR to create, edit, and delete Intel Workflows.

Three Stages

Each Intel Workflow has three stages you can customize to meet your needs:

  • Inputs: Choose any of the intelligence sources available to you, either through premium subscriptions or open sources.
  • Transformations: Filter the Indicators from those sources by score and Indicator type and remove any Indicators that are on a specified safelist.
  • Destination: You can then share the data set as a new Enclave or send it on to a third-party tool using TruSTAR Workflow Apps or Managed Connectors. You can also use TruSTAR's REST API and Python SDK to meet specific destination requirements.

Check out the Intel Workflows overview on the TruSTAR YouTube channel.

How Did We Do?