Enrich Indicators in TruSTAR

Updated 3 months ago by Sachit Soni

TruSTAR offers two API commands to search TruSTAR Enclaves for Indicators and receive all available enrichment about them, including data from external intelligence sources that the user has access to in TruSTAR.

Get Indicator Summaries

POST /1.3/indicators/summaries

Description: Provides structured summaries about indicators, which are derived from intelligence sources on the TruSTAR Marketplace that the user has access to.

Get Indicator Metadata

POST /1.3/indicators/metadata

Description: Provides metadata associated with an indicator, including type, value, priority level, count, sightings, first seen, last seen, Enclave IDs, and tags.

Notes

The integration must include a configuration page where the user can define the following:

  • Ability to manually or automatically enrich an Indicator. TruSTAR recommends providing a checkbox for automatic enrichment of Indicators.
  • Which Enclaves will be used for enrichment. TruSTAR recommends naming this field Enrichment Enclave IDs. If no values are specified, then all Enclaves that the user has access to in TruSTAR will be used.
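
An added example (not TruSTAR's own code) of how an integration could apply these two settings before calling either endpoint: it normalizes the Enrichment Enclave IDs field, omits the Enclave filter when the field is empty, and only plans requests when enrichment is automatic or manually triggered. The form keys, the API host, the `enclaveIds` query parameter, the GUID format of Enclave IDs, and the request body shapes are assumptions that this page does not state.

```python
import json
import uuid
from urllib.parse import urlencode

API_BASE = "https://api.trustar.co/api"   # assumption: host is not given on this page
PATHS = {"summaries": "/1.3/indicators/summaries",
         "metadata": "/1.3/indicators/metadata"}

def parse_config(form):
    """Normalize raw configuration-page values (field keys are hypothetical)."""
    enclave_ids = []
    for raw in form.get("enrichment_enclave_ids", "").replace("\n", ",").split(","):
        raw = raw.strip()
        if not raw:
            continue
        try:
            canonical = str(uuid.UUID(raw))   # assumption: Enclave IDs are GUIDs
        except ValueError:
            raise ValueError(f"invalid Enclave ID: {raw!r}") from None
        if canonical not in enclave_ids:      # drop duplicates, keep entry order
            enclave_ids.append(canonical)
    auto = str(form.get("auto_enrich", "")).strip().lower() in {"1", "true", "on", "yes"}
    return {"auto_enrich": auto, "enclave_ids": enclave_ids}

def build_request(kind, values, config):
    """Describe one POST to an enrichment endpoint without sending it."""
    # Empty Enclave list: omit the filter so every accessible Enclave is searched.
    query = {"enclaveIds": ",".join(config["enclave_ids"])} if config["enclave_ids"] else {}
    url = API_BASE + PATHS[kind] + ("?" + urlencode(query) if query else "")
    # Assumption: summaries takes a JSON list of values, metadata a list of objects.
    body = list(values) if kind == "summaries" else [{"value": v} for v in values]
    return {"method": "POST", "url": url, "body": json.dumps(body)}

def plan_enrichment(values, config, manual=False):
    """Return the requests to issue for Indicators, or none if nothing triggers."""
    if not (config["auto_enrich"] or manual):
        return []
    return [build_request(kind, values, config) for kind in ("summaries", "metadata")]

if __name__ == "__main__":
    # Constructed sample input: one Enclave ID entered twice in different forms.
    form = {"auto_enrich": "on",
            "enrichment_enclave_ids": "11111111-2222-3333-4444-555555555555,\n"
                                      "{11111111-2222-3333-4444-555555555555}"}
    for request in plan_enrichment(["198.51.100.7", "example.test"], parse_config(form)):
        print(request["url"], request["body"])
```

Rejecting a malformed Enclave ID when the configuration is saved keeps a typo from silently narrowing or breaking enrichment later.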

