How to Get the Most out of Your Community Plus Toolkit

TruSTAR is the Intelligence Management Platform that powers some of the largest ISAC/ISAO threat intelligence exchanges in North America. 

Our platform gives ISAC/ISAO members one central destination to investigate events using market-leading OSINT and Premium Intelligence sources for enrichment.

How It Works

The TruSTAR Community Plus offering helps teams operationalize ISAC/ISAO intelligence into investigations. Analysts can simultaneously query Premium Intelligence feeds, OSINT, and ISAC/ISAO intelligence to get immediate correlations on investigations for better visibility into attack vectors and techniques associated with malware families.

With TruSTAR’s Community Plus Toolkit, users can submit an unlimited number of IOCs or reports directly to the platform. TruSTAR automatically ingests, normalizes, extracts, and correlates datasets so that analysts can easily investigate and disseminate known-bad incidents to relevant teams and tools.

Accelerate Investigations With Automation

TruSTAR helps short-staffed analyst teams save time by automating manual processes. 

When speaking with ISAC and ISAO member companies, we found that on average the enterprise security analyst spends 30-60 percent of their day wrangling data across workflows, teams, and tools. 

With TruSTAR, analysts no longer have to go through the arduous tasks of manually cleaning datasets or opening multiple tabs, hunting for enrichment data.

Analysts have the option to submit intelligence manually or automatically. TruSTAR accepts structured and unstructured data formats, and can transform indicators to the STIX/TAXII protocol. You can read more about how to automate the flow of data into TruSTAR via API or integration here.

Conduct Public & Private Investigations 

Community Plus is a pre-configured environment that includes access to your ISAC or ISAO’s Member Share Enclave, as well as access to a Private Enclave for private company investigations you would like to enrich with Premium Intelligence sources and OSINT. 

“Enclaves” is TruSTAR’s terminology for how users can organize and segment data on the platform.

Suggested Use Cases 

Streamline SIEM Detection Workflows - TruSTAR automatically ingests, normalizes, and extracts intelligence sources for streamlined detection workflows. Reduce the false positive rates of alerts by enriching intelligence sources in TruSTAR and then matching them with malicious indicators in your preferred SIEM tool. 

Triage Phishing Emails - Triage user-reported suspicious emails with automated email ingest and scoring to help teams prioritize phishing emails according to risk. Teams have the option to connect orchestration tools to TruSTAR to automate escalation playbooks based on tags and scores. 

  • Enclave Inbox - Forward user-reported suspicious phishing emails into TruSTAR to get added enrichment. Emails are automatically ingested, normalized, and correlated with existing intelligence.
  • 60-Day Trial - TruSTAR is currently running a 60-day trial offer for our Enterprise Phishing Triage feature suite, which includes Priority Scoring and automation. Learn more here.

Investigate Reports With Holistic Enrichment - Visualize how ISAC/ISAO data correlates to your ongoing investigations and Premium Intelligence feeds. Analysts can view link analysis from TruSTAR’s graph database in the web app, or use TruSTAR’s Public API to see enrichment in their preferred investigation tools.

  • Slack App - If your SOC or Threat Intel teams collaborate via Slack, you can install TruSTAR’s app to easily share/submit reports or query IOCs directly from Slack.
  • Chrome Extension - If your team is invested in threat hunting and OSINT research, you can easily submit IOCs or query TruSTAR for enrichment by simply selecting text from any web page on Chrome.

Disseminate High-Fidelity Intel To Teams & Tools - TruSTAR makes it easy to operationalize intelligence into the tools, teams, and communities most essential to your workflow. TruSTAR is an extensible platform with RESTful APIs, allowing teams to customize and control the flow of their data. Send finished investigations back to your ISAC/ISAO, or easily send intelligence into workflow applications like SIEM, Case Management, or Orchestration tools.

  • STIX/TAXII - Leverage STIX/TAXII to automate intel ingest and dissemination to other tools in your ecosystem.
  • Public REST API - The TruSTAR REST API enables you to easily synchronize report information available in TruSTAR with workflow applications like SIEM, Case Management, and Orchestration tools.

Get Started: Begin Submitting Data To the Platform

ISAC/ISAO members report saving 4 hours on investigations per week when they use TruSTAR to enrich investigation data.

The easiest way to get started is to set up automated data ingest via our Enclave Inbox feature. Forward user-reported suspicious phishing emails into TruSTAR to get added enrichment. Emails are automatically ingested, normalized, and correlated with existing intelligence.

To learn more about what TruSTAR can do for you, reach out to TruSTAR Community Manager Tyler Bent at or request your free credentials via your ISAC/ISAO here.
