TruSTAR Deprecated
Deprecated. Not supported since TrueSTAR was acquired by Splunk, No available replacement.
Data Enrichment & Threat Intelligence · TruSTAR (Deprecated)
Configuration parameters
server— Server URL (e.g. https://192.168.0.1) (required)key— TruSTAR API Key (required)secret— TruSTAR API Secret (required)insecure— Trust any certificate (not secure)proxy— Use system proxy settingsfile_threshold— File Threshold (LOW, MEDIUM, HIGH). Minimum TruSTAR priority level to consider the file maliciousurl_threshold— URL Threshold (LOW, MEDIUM, HIGH). Minimum TruSTAR priority level to consider the URL maliciousip_threshold— IP Threshold (LOW, MEDIUM, HIGH). Minimum TruSTAR priority level to consider the IP maliciousdomain_threshold— Domain Threshold (LOW, MEDIUM, HIGH). Minimum TruSTAR priority level to consider the domain malicious
Commands (20)
-
domainDeprecatedCheck Domain reputation on TruStar.
-
fileDeprecatedCheck file reputation on TruSTAR.
-
ipDeprecatedCheck IP Reputation on TruSTAR.
-
trustar-add-to-whitelistAdd to allow list a list of indicator values for the user’s company.
-
trustar-correlated-reportsReturns a paginated list of all reports that contain any of the provided indicator values.
-
trustar-delete-reportDeletes a report as specified by given id (id can be TruSTAR report id or external id).
-
trustar-get-enclavesReturns the list of all enclaves that the user has access to, as well as whether they can read, create, and update reports in that enclave.
-
trustar-get-phishing-indicatorsGet phishing indicators that match the given criteria.
-
trustar-get-phishing-submissionsFetches all phishing submissions that fit the given criteria.
-
trustar-get-reportsReturns incident reports matching the specified filters. All parameters are optional: if nothing is specified, the latest 25 reports accessible by the user will be returned (matching the view the user would have by logging into Station).
-
trustar-related-indicatorsSearch all TruSTAR incident reports for provided indicators and return all correlated indicators from search results. Two indicators are considered “correlated” if they can be found in a common report.
-
trustar-remove-from-whitelistDelete an indicator from the user’s company allow list.
-
trustar-report-detailsFinds a report by its internal or external id.
-
trustar-search-indicatorsSearches for all indicators that contain the given search term.
-
trustar-search-reportsSearches for all reports that contain the given search term.
-
trustar-set-triage-statusMarks a phishing email submission with one of the phishing namespace tags.
-
trustar-submit-reportSubmit a new incident report, and receive the ID it has been assigned in TruSTAR’s system.
-
trustar-trending-indicatorsReturns the 10 indicators that have recently appeared in the most community reports. This is analogous to the Community Trends section of the dashboard on Station.
-
trustar-update-reportUpdate the report with the specified ID. Either the internal TruSTAR report ID or an external tracking ID can be used. Only the fields passed will be updated. All others will be left unchanged.
-
urlDeprecatedCheck URL reputation on TruSTAR.