SHA256 checksums:

  • trustar_317.tgz: acddac5c2ad3acafbee5f258260148f0a0d108920cc0df7860e40590044b22fa
  • trustar_315.tgz: bc0d1aa92afdddf2db41146874d6c8254825ac03ddb5761a88dd5e5c7f26bc1d
  • trustar_304.tgz: e69b23fef9ebc62c0a10a09c669a8dc6007bc327332e9079667c87264b138349
  • trustar_204.tgz: 06eb5547695e9d42e2f7216437ef2e56e1d112d895710da2000171e9597566a7

TruSTAR

Splunk SOAR Cloud
Splunk Built
Overview
This app integrates with TruSTAR to provide various hunting and reporting actions.

Supported Actions Version 3.1.7

  • test connectivity: Validate credentials provided for connectivity
  • hunt ioc: Get report IDs associated with an IOC
  • hunt ip: Get report IDs associated with an IP/CIDR
  • hunt url: Get report IDs associated with a URL
  • hunt file: Get report IDs associated with a file
  • hunt email: Get report IDs associated with an email address
  • hunt cve: Get report IDs associated with a CVE (Common Vulnerability and Exposure) number
  • hunt malware: Get report IDs associated with a malware indicator
  • hunt registry key: Get report IDs associated with a registry key
  • hunt bitcoin address: Get report IDs associated with a bitcoin address
  • get report: Get report details
  • copy report: Copy a report to another enclave
  • move report: Move a report to another enclave
  • delete report: Delete a report
  • submit report: Submit report to TruSTAR
  • update report: Update a TruSTAR report
  • safelist ioc: Add IOCs to the whitelist
  • unsafelist ioc: Remove IOC from the whitelist
  • list enclaves: List all the accessible enclaves in TruSTAR
  • list emails: Get a list of emails submitted to Phishing Triage
  • list indicators: Get a list of indicators found in phishing submissions
  • indicator reputation: Get enriched information of the indicator
  • get indicator summary: Get the structured summaries about indicators
  • get indicator metadata: Get the metadata associated with the indicator
  • triage email: Change the status of an email submission
  • parse entities: Find all of the entity terms that can be found from applying extraction rules on a chunk of text
  • list observable types: Get all valid observable types

Supported Actions Version 3.1.5

  • test connectivity: Validate credentials provided for connectivity
  • hunt ioc: Get report IDs associated with an IOC
  • hunt ip: Get report IDs associated with an IP/CIDR
  • hunt url: Get report IDs associated with a URL
  • hunt file: Get report IDs associated with a file
  • hunt email: Get report IDs associated with an email address
  • hunt cve: Get report IDs associated with a CVE (Common Vulnerability and Exposure) number
  • hunt malware: Get report IDs associated with a malware indicator
  • hunt registry key: Get report IDs associated with a registry key
  • hunt bitcoin address: Get report IDs associated with a bitcoin address
  • get report: Get report details
  • copy report: Copy a report to another enclave
  • move report: Move a report to another enclave
  • delete report: Delete a report
  • submit report: Submit report to TruSTAR
  • update report: Update a TruSTAR report
  • safelist ioc: Add IOCs to the whitelist
  • unsafelist ioc: Remove IOC from the whitelist
  • list enclaves: List all the accessible enclaves in TruSTAR
  • list emails: Get a list of emails submitted to Phishing Triage
  • list indicators: Get a list of indicators found in phishing submissions
  • indicator reputation: Get enriched information of the indicator
  • get indicator summary: Get the structured summaries about indicators
  • get indicator metadata: Get the metadata associated with the indicator
  • triage email: Change the status of an email submission
  • parse entities: Find all of the entity terms that can be found from applying extraction rules on a chunk of text
  • list observable types: Get all valid observable types

Supported Actions Version 3.0.4

  • test connectivity: Validate credentials provided for connectivity
  • hunt ioc: Get report IDs associated with an IOC
  • hunt ip: Get report IDs associated with an IP/CIDR
  • hunt url: Get report IDs associated with a URL
  • hunt file: Get report IDs associated with a file
  • hunt email: Get report IDs associated with an email address
  • hunt cve: Get report IDs associated with a CVE (Common Vulnerability and Exposure) number
  • hunt malware: Get report IDs associated with a malware indicator
  • hunt registry key: Get report IDs associated with a registry key
  • hunt bitcoin address: Get report IDs associated with a bitcoin address
  • get report: Get report details
  • copy report: Copy a report to another enclave
  • move report: Move a report to another enclave
  • delete report: Delete a report
  • submit report: Submit report to TruSTAR
  • update report: Update a TruSTAR report
  • safelist ioc: Add IOCs to the whitelist
  • unsafelist ioc: Remove IOC from the whitelist
  • list enclaves: List all the accessible enclaves in TruSTAR
  • list emails: Get a list of emails submitted to Phishing Triage
  • list indicators: Get a list of indicators found in phishing submissions
  • triage email: Change the status of an email submission

Supported Actions Version 2.0.4

  • test connectivity: Validate credentials provided for connectivity
  • hunt ip: Get report IDs associated with an IP/CIDR
  • hunt url: Get report IDs associated with a URL
  • hunt file: Get report IDs associated with a file
  • hunt email: Get report IDs associated with an email address
  • hunt cve: Get report IDs associated with a CVE (Common Vulnerability and Exposure) number
  • hunt malware: Get report IDs associated with a malware indicator
  • hunt registry key: Get report IDs associated with a registry key
  • hunt bitcoin address: Get report IDs associated with a bitcoin address
  • get report: Get report details
  • submit report: Submit report to TruSTAR

Release Notes

Version 3.1.7
March 15, 2022
  • Bug fix in the output table for the ‘get report’ action
  • Bug fix for Indicator Reputation action and added limit parameter [PAPP-24807]
Version 3.1.5
Nov. 12, 2021

TruSTAR Release Notes - Published by Splunk November 12, 2021

Version - 3.1.5 - Released November 12, 2021

  • Added the following new actions [PAPP-20254]:

    • indicator reputation
    • get indicator summary
    • get indicator metadata
    • parse entities
    • list observable types
  • Updated the app logo [PAPP-21016]

Version 3.0.4
Sept. 21, 2021

TruSTAR Release Notes - Published by Splunk June 18, 2021

Version 3.0.4 - Released June 18, 2021

  • Added 11 new actions
Version 2.0.4
Sept. 21, 2021

TruSTAR Release Notes - Published by Splunk June 18, 2021

Version 2.0.4 - Released April 16, 2021

  • Compatibility changes for Python 3 support
