Latest Version 3.0.4
September 17, 2021
TruSTAR
This App integrates with TruSTAR to provide various hunting and reporting actions
Built by
Compatibility
SOAR On-Prem, SOAR Cloud
Platform Version: 5.5, 5.4, 5.3, 5.2, 5.1, 5.0, 4.10, 4.9
Rating
0
(0)
Log in to rate this app
Support
Splunk Supported connector
Ranking
#4
in Investigative
This App integrates with TruSTAR to provide various hunting and reporting actions
Supported Actions
- test connectivity: Validate credentials provided for connectivity
- hunt ioc: Get report IDs associated with an IOC
- hunt ip: Get report IDs associated with an IP/CIDR
- hunt url: Get report IDs associated with a URL
- hunt file: Get report IDs associated with a file
- hunt email: Get report IDs associated with an email address
- hunt cve: Get report IDs associated with a CVE (Common Vulnerability and Exposure) number
- hunt malware: Get report IDs associated with a malware indicator
- hunt registry key: Get report IDs associated with a registry key
- hunt bitcoin address: Get report IDs associated with a bitcoin address
- get report: Get report details
- copy report: Copy a report to another enclave
- move report: Move a report to another enclave
- delete report: Delete a report
- submit report: Submit report to TruSTAR
- update report: Update a TruSTAR report
- safelist ioc: Add IOCs to the whitelist
- unsafelist ioc: Remove IOC from the whitelist
- list enclaves: List all the accessible enclaves in TruSTAR
- list emails: Get a list of emails submitted to Phishing Triage
- list indicators: Get a list of indictors found in phishing submissions
- triage email: Change the status of an email submission
Categories
Investigative
Created By
Splunk Inc.
Source Code
GitHub(Opens new window)Type
connector
Splunk Answers
Ask a question about this app listing(Opens new window)Resources
Log in to report this app listing