Indicator Commands

Updated 1 week ago by TruSTAR

Use these commands to work with Observables and Indicators when building a custom integration.

Submit Observables

POST /1.3/indicators

Description: Submits Observables to TruSTAR and can include information such as when seen, tags, and notes.

Link to API documentation

Enriching Observables

These next two commands search TruSTAR Enclaves for Indicators and receive all available enrichment about them, including data from external intelligences sources that the user has access to in TruSTAR.

You can also use these two commands to search TruSTAR Enclaves for Indicators using filter conditions, such as Indicator type, Enclave, or tags, and then return that information.

Get Indicator Summaries

POST /1.3/indicators/summaries

Description: Provides structured summaries about indicators, which are derived from intelligence sources on the TruSTAR Marketplace that the user has access to.

Link to API documentation

Get Indicator Metadata

POST /1.3/indicators/metadata

Description: Provide metadata associated with an indicator, including type, value, priority level, count, sightings, first seen, last seen, Enclave IDs, and tags.

Link to API documentation

Search Indicators

GET/1.3/indicators/search

Description: Searches for all indicators that contain the given search term. If no search term is provided, the search will filter on other (optional) parameters, from and to dates, Enclave, and tags. Results are ordered by last seen time, descending.

Link to API documentation

Add Observables to Safelist

POST /1.3/whitelist

Description: Adds the submitted list of Observables to the user's Company Safelist.

Link to API documentation


How Did We Do?