TruSTAR

This App integrates with TruSTAR to provide various hunting and reporting actions

Supported Actions

• test connectivity: Validate credentials provided for connectivity
• hunt ioc: Get report IDs associated with an IOC
• hunt ip: Get report IDs associated with an IP/CIDR
• hunt url: Get report IDs associated with a URL
• hunt file: Get report IDs associated with a file
• hunt email: Get report IDs associated with an email address
• hunt cve: Get report IDs associated with a CVE (Common Vulnerability and Exposure) number
• hunt malware: Get report IDs associated with a malware indicator
• hunt registry key: Get report IDs associated with a registry key
• hunt bitcoin address: Get report IDs associated with a bitcoin address
• get report: Get report details
• copy report: Copy a report to another enclave
• move report: Move a report to another enclave
• delete report: Delete a report
• submit report: Submit report to TruSTAR
• update report: Update a TruSTAR report
• safelist ioc: Add IOCs to the whitelist
• unsafelist ioc: Remove IOC from the whitelist
• list enclaves: List all the accessible enclaves in TruSTAR
• list emails: Get a list of emails submitted to Phishing Triage
• list indicators: Get a list of indictors found in phishing submissions
• indicator reputation: Get enriched information of the indictor
• get indicator summary: Get the structured summaries about indicators
• get indicator metadata: Get the metadata associated with the indicator
• triage email: Change the status of an email submission
• parse entities: Find all of the entity terms that can be found from applying extraction rules on a chunk of text
• list observable types: Get all valid observable types