Improved Submission Workflow on TruSTAR

One of TruSTAR’s key differentiators is the ability to extract and normalize indicators from structured or unstructured submissions. These extracted indicators are critical for making correlations and enriching intelligence sources across an analyst’s workflow. 

Today we are pleased to announce an improved submission workflow.

These architectural changes will provide two main benefits.

  1. Data submissions will be more robust, resilient, and performant under large submission volumes.
  2. We have made it easier for analysts to share, copy, and redact submissions throughout their partner ecosystem.

Read on to learn more about all the analyst workflows we have streamlined with this release.

New Submission Workflow Capabilities

Copy Report

Many TruSTAR users belong to Sharing Communities like ISACs and ISAOs. Before today’s release, users had to manually copy-paste the content into a new submission. With this update, TruSTAR developed an explicit COPY operation that makes sharing intel fast and easy. Now a copy of the entire report, along with tags, can be automatically submitted to an Enclave of the user’s choice. We have also made a copy endpoint available on our Public API for users who want to develop scripts to programmatically share reports. 

Copy & Redact Report

When sharing with other teams or peer groups, users may want to redact sensitive information from reports before making them available to their network. In the new Copy workflow, there is an option to apply your redaction library or manually redact the report before the submission process is completed. You can also remove existing tags or add new tags. This copy and redact endpoint is also available on our Public API for users who want to develop scripts to programmatically share and redact reports.

Move Report

Moving a report from one Enclave to another helps teams organize and keep track of reports. For example, some TruSTAR users can have an Enclave that serves as a repository of unvetted intelligence. Once a report is evaluated for relevance and fidelity, it gets moved into a vetted Enclave. Before the new Move Report workflow, moving a report between Enclaves was a cumbersome four-step process. With today’s release we have made this operation explicit and extremely simple to execute. We have also made a Move Report function available on our Public API that will help automate this operation for multiple submissions at once.

Simplifying Tagging for Submissions

Previously, tags on submissions were either Categories (our term for publicly visible tags) or Enclave tags (private tags only visible to members of that Enclave). These tagging systems were treated differently because of the permission model associated with them. Based on user feedback, there were two main issues with the existing tagging system: the difference between these two tagging classifications was never clear, and the actions you could take based on tags (i.e. Search and Filter) were not consistent. As part of the architectural update, we have simplified submission tagging into one system. Now permissions are determined by Enclave. Whoever has access to view the report can now also see the tags.

Coming Soon: Increased Report Submission Volume

The significant architecture improvements in our submission workflow will allow us to increase the number of indicators we can process in each report submission. Currently, users are limited to a maximum of 500 observables per report submission. By EOY 2019, we will be gradually increasing this max limit to up to 1,500.

Learn More

For a more detailed rundown, please visit our Knowledge Base article.
