You can build a custom integration between the TruSTAR platform and a SOAR tool so that the two platforms exchange data. This can provide enriched data that the SOAR tool can use in automating responses to security threats. The integration can also support sharing that enriched data with multiple teams in an organization as well as with external teams.
Related Link: Partner Resources explains configuration details required for all integrations.
TruSTAR recommends including these commands in your SOAR integration:
- Submit Observables to TruSTAR
- Enrich Observables in a Report using Get Indicator Summaries or Get Indicator Metadata. You can also filter Observables using these commands.
- Submit a Report
- Search for Indicators
You can use these commands to add functionality:
- Add Indicators to Company Safelist
- Copy a report to another Enclave. As part of sharing a report, you can choose to redact terms in the report using the Company Safelist stored in TruSTAR.
- Move a report to another Enclave. As part of sharing a report, you can choose to redact terms in the report using the Company Safelist stored in TruSTAR.
You can include two additional commands that support the triage of Phishing emails: