TruSTAR v2 Deprecated

Deprecated. Not supported since TrueSTAR was acquired by Splunk, No available replacement.

Data Enrichment & Threat Intelligence · TruSTAR (Deprecated)

Configuration parameters

  • server — Server URL (e.g. https://api.trustar.co) (required)
  • station — Station URL (e.g. https://station.trustar.co)
  • key — TruSTAR API Key (required)
  • secret — TruSTAR API Secret (required)
  • insecure — Trust any certificate (not secure)
  • proxy — Use system proxy settings

Commands (22)

  • trustar-add-to-whitelist

    Add to allow list a list of indicator values for the user’s company.

  • trustar-copy-report

    Copies a report from one enclave to another.

  • trustar-correlated-reports

    Returns a list of all reports that contain any of the provided indicator values.

  • trustar-delete-report

    Deletes a report as specified by given id (id can be TruSTAR report id or external id).

  • trustar-get-enclaves

    Returns the list of all enclaves that the user has access to, as well as whether they can read, create, and update reports in that enclave.

  • trustar-get-indicators-for-report

    Return a list of indicators extracted from a report.

  • trustar-get-phishing-indicators

    Get phishing indicators that match the given criteria.

  • trustar-get-phishing-submissions

    Fetches all phishing submissions that fit the given criteria.

  • trustar-get-reports

    Returns incident reports matching the specified filters. All parameters are optional: if nothing is specified, the latest 25 reports accessible by the user will be returned (matching the view the user would have by logging into Station).

  • trustar-get-whitelisted-indicators

    Gets a list of indicators that the user’s company has added to allow list.

  • trustar-indicator-summaries

    Provides structured summaries about indicators, which are derived from intelligence sources on the TruSTAR Marketplace.

  • trustar-indicators-metadata

    Provide metadata associated with a list of indicators, including value, indicatorType, noteCount, sightings, lastSeen, enclaveIds, and tags. The metadata is determined based on the enclaves the user making the request has READ access to.

  • trustar-move-report

    Move a report from one enclave to another.

  • trustar-related-indicators

    Finds all reports that contain any of the given indicators and returns correlated indicators from those reports.

  • trustar-remove-from-whitelist

    Delete an indicator from the user’s company allow list.

  • trustar-report-details

    Finds a report by its ID and returns the report details.

  • trustar-search-indicators

    Searches for all indicators that contain the given search term.

  • trustar-search-reports

    Searches for all reports that contain the given search term.

  • trustar-set-triage-status

    Marks a phishing email submission with one of the phishing namespace tags.

  • trustar-submit-report

    Submit a new incident report, and receive the ID it has been assigned in TruSTAR’s system.

  • trustar-trending-indicators

    Find indicators that are trending in the community.

  • trustar-update-report

    Update the report with the specified ID. Either the internal TruSTAR report ID or an external tracking ID can be used. Only the fields passed will be updated. All others will be left unchanged.