Blog Introducing TruSTAR’s New Source Scoring Model

Introducing TruSTAR’s New Source Scoring Model

Having confidence in your intelligence sources is essential to running successful security operations. But measuring the effectiveness of how your intelligence sources perform against your data can be difficult.

At TruSTAR we firmly believe that the value of threat intelligence can and should be measured, which is why we’re rolling out a new Source Scoring feature.


We’re adding a new Dashboard that will leverage our Enclave architecture to quantify the value of intelligence sources relative to your organization’s data. The goal of Source Scoring is to let you quickly evaluate specific intelligence sources in your workflow and make more nuanced, actionable decisions on how to use the data from those sources.  

Where can I find this feature?

You need to have a private Enclave to take advantage of this feature. Your Station Dashboard will now have a dedicated panel to help you quickly visualize how each intelligence source has scored against your private Enclave data. If you have access to more than one private Enclave, you can select the specific Enclave for which you want to see source scoring.  

Who has access to this feature?

Source scoring is only available to TruSTAR users with private Enclaves. If you’re a free user associated with an ISAC/ISAO and interested in a trial with a private Enclave, click here.

How does this feature work?

The overall score is computed based on enrichment data from IPs, URLs, and Hashes. You can easily visualize the overall score and its breakdown for the different IOC types. The score takes into account whitelisted terms to prevent false positives from affecting the overall score. Each source score is personalized to the reports and IOCs in your specific Enclave. That’s why each of your Enclaves can have different source scores.



How are the scores calculated?

At a high level, the Source Score is calculated from three different indicator types - IPs, URLs, and Hashes. Each indicator’s score is weighted using the following evaluative criteria:

  • Uniqueness Score - The Uniqueness Score calculates the probability of the intelligence source to provide unique correlations to your Enclave data.
  • Timeliness Score - The Timeliness Score calculates the probability of the intelligence source to provide timely correlations to your Enclave data.

You can read the full technical documentation for this feature here.

What actions can I take based on this data?

You will be able to unsubscribe from sources based on the score and the value they are providing to your analysis workflow. We will also show you open source intelligence sources that you are not currently utilizing but would be valuable to your Enclave.  

What's next?

We’re starting with IPs, URLs and Hashes, and we will add more IOC types in future releases. We always welcome feedback at Reach out to your customer success rep to get a personal demo for your team on this new feature.

Ready to get started? Request an Enclave to learn how your sources are performing for you.


TruSTAR Intel Workflows Series: Shifting from App-Centric to Data-Centric Security Operations We recently introduced API 2.O featuring TruSTAR Intel Workflows. This blog series will explain our motivations for building this feature, how it ... Read More
How to Get the Most out of Your Community Plus Toolkit TruSTAR is the Intelligence Management Platform that powers some of the largest ISAC/ISAO threat intelligence exchanges in North America.  Read More
Announcing TruSTAR Phishing Triage & New Intelligence Scoring Capabilities Today TruSTAR has launched Phishing Triage, a new suite of features designed to automatically ingest, extract, normalize, prioritize, and take action ... Read More
COVID-19 Intelligence Briefing: What Happens Next? TruSTAR recently held an intelligence briefing with leaders from IBM X-Force IRIS, BAE Systems, and Intel471 to discuss the threatscape surrounding ... Read More