TruSTAR Deprecated

Deprecated. Not supported since TrueSTAR was acquired by Splunk, No available replacement.

Data Enrichment & Threat Intelligence · TruSTAR (Deprecated)

Configuration parameters

  • server — Server URL (e.g. https://192.168.0.1) (required)
  • key — TruSTAR API Key (required)
  • secret — TruSTAR API Secret (required)
  • insecure — Trust any certificate (not secure)
  • proxy — Use system proxy settings
  • file_threshold — File Threshold (LOW, MEDIUM, HIGH). Minimum TruSTAR priority level to consider the file malicious
  • url_threshold — URL Threshold (LOW, MEDIUM, HIGH). Minimum TruSTAR priority level to consider the URL malicious
  • ip_threshold — IP Threshold (LOW, MEDIUM, HIGH). Minimum TruSTAR priority level to consider the IP malicious
  • domain_threshold — Domain Threshold (LOW, MEDIUM, HIGH). Minimum TruSTAR priority level to consider the domain malicious

Commands (20)

  • domain Deprecated

    Check Domain reputation on TruStar.

  • file Deprecated

    Check file reputation on TruSTAR.

  • ip Deprecated

    Check IP Reputation on TruSTAR.

  • trustar-add-to-whitelist

    Add to allow list a list of indicator values for the user’s company.

  • trustar-correlated-reports

    Returns a paginated list of all reports that contain any of the provided indicator values.

  • trustar-delete-report

    Deletes a report as specified by given id (id can be TruSTAR report id or external id).

  • trustar-get-enclaves

    Returns the list of all enclaves that the user has access to, as well as whether they can read, create, and update reports in that enclave.

  • trustar-get-phishing-indicators

    Get phishing indicators that match the given criteria.

  • trustar-get-phishing-submissions

    Fetches all phishing submissions that fit the given criteria.

  • trustar-get-reports

    Returns incident reports matching the specified filters. All parameters are optional: if nothing is specified, the latest 25 reports accessible by the user will be returned (matching the view the user would have by logging into Station).

  • trustar-related-indicators

    Search all TruSTAR incident reports for provided indicators and return all correlated indicators from search results. Two indicators are considered “correlated” if they can be found in a common report.

  • trustar-remove-from-whitelist

    Delete an indicator from the user’s company allow list.

  • trustar-report-details

    Finds a report by its internal or external id.

  • trustar-search-indicators

    Searches for all indicators that contain the given search term.

  • trustar-search-reports

    Searches for all reports that contain the given search term.

  • trustar-set-triage-status

    Marks a phishing email submission with one of the phishing namespace tags.

  • trustar-submit-report

    Submit a new incident report, and receive the ID it has been assigned in TruSTAR’s system.

  • trustar-trending-indicators

    Returns the 10 indicators that have recently appeared in the most community reports. This is analogous to the Community Trends section of the dashboard on Station.

  • trustar-update-report

    Update the report with the specified ID. Either the internal TruSTAR report ID or an external tracking ID can be used. Only the fields passed will be updated. All others will be left unchanged.

  • url Deprecated

    Check URL reputation on TruSTAR.