Detection Integrations with REST API v1.3
Integrating a detection tool with TruSTAR can support the exchange of data between the two platforms, providing enriched data that the detection tool can use in real-time analysis of security threats.
Related Link: Partner Resources explains configuration details required for all integrations.
Recommended Functions
TruSTAR recommends including these REST API v1.3 commands in your integration:
- Search for Indicators
- Enrich Observables in a Report using Get Indicator Summaries or Get Indicator Metadata. You can also filter Observables using these commands.
- Add Indicators to Company Safelist
Optional Functions
You can use these commands to send data to TruSTAR and share reports within TruSTAR:
- Submit Observables to TruSTAR
- Submit a Report
- Copy a report to another Enclave. As part of sharing a report, you can choose to redact terms in the report using the Company Safelist stored in TruSTAR.
- Move a report to another Enclave. As part of sharing a report, you can choose to redact terms in the report using the Company Safelist stored in TruSTAR.
You can include these commands to extract data from phishing emails: