FAQ: Intel Workflows
Q. How long does it take to process an Intel Workflow?
Intel Workflows are processed every 40 minutes, so it may take up to 40 minutes for new or edited Workflows to produce a new destination data set.
Q. Why don't I see an Indicator from a new Report in my destination data set?
It may take up to four hours for new sources to be completely enriched and scored in TruSTAR. After that enrichment process has been completed, the Indicator will be available for Intel Workflows.
Q. How long does it take for an edit or change in my Intel Workflow configuration to go into effect?
A change or edit to Sources or Transformations will be applied every 24 hours at 12:00 am PST. At this time the updated config will retroactively recompute the last 30 days of data.
Q. How do I use the data set from an Intel Workflows with my existing workflow tools?
During early release of this feature, you can build a custom script using TruSTAR’s API 2.0.
We will be releasing Intel workflows capability into selected workflow apps on a rolling basis. You can contact your TruSTAR account manager for more detailed information.
Q. Can I see the Intel Workflow data set in the TruSTAR Web App or in a Destination Enclave?
The output from an Intel Workflow is designed to be sent directly to a TruSTAR Workflow App, so there is no visible Enclave for the data set. You can view specific Indicators or Reports in Source Enclaves.
Q. How can I check the data set to verify if the results are showing what I need?
For a quick review of the results of your enclave, reference this KB article: https://trustar.helpdocs.io/article/mm1led2r2x-viewing-a-data-set
Q. Why don't I see the Intel Workflows feature in my TruSTAR Web App?
This feature is available for only Enterprise customers, ISAC teams and MSPs. If you don't see the Intel Workflows icon on your Navigation toolbar, contact your TruSTAR account manager to request Early Access.
Q. What Sources will be available to Workflows for GA release?
- Alienvault OTX
- Alienvault OTX Pulse
- Bambenek C2 Domain Feed
- Bambenek C2 IP Feed
- Bambenek DGA Domain Feed
- Cofense Intelligence
- Crowdstrike Falcon Detection
- CrowdStrike Falcon Intelligence
- Digital Shadows
- Dragos WorldView
- H-ISAC TLP Amber
- Hybrid Analysis
- IBM X-Force
- Intel 471 Malware Intelligence
- Joe Sandbox
- NetLab 360 DGA
- Risk Analytics
- Spamhaus XBL