Phishing Triage Commands

Updated 2 months ago by TruSTAR

TruSTAR offers these API commands to work with events that the user has submitted into their Phishing Enclave.

You must have the Phishing Triage feature activated in TruSTAR to use these commands.

Related Link: Overview: Phishing Triage

Get Phishing Indicators

POST /1.3/triage/indicators

Returns a list of all phishing email submissions that fit the given criteria. TruSTAR recommends offering all available filtering criteria, including Priority Event Score and status.

Link to API documentation

Get Phishing Submissions

POST /1.3/triage/submissions

Description: Returns a list of all phishing email submissions that fit the given criteria. TruSTAR recommends offering all available filtering criteria, including Priority Event Score and Status

The integration must provide a set of filtering criteria the user can select from.

Link to API documentation

Set Triage Status

POST /1.3/triage/submissions/{submissionId}/status

Description: Sets the status of a phishing email submission. By default, every submission is set to UNRESOLVED. The user can choose to change an email submission to CONFIRMED or IGNORED, based on the Priority Event Score returned by the Submissions command.

The integration must provide a way for the user specify a Submission ID and a status value.

Link to API documentation


How Did We Do?