IT-ISAC Member Training: Spotlight on Splunk ES

TruSTAR recently held a training webinar for IT-ISAC members. TruSTAR is the Intelligence Management Platform that powers IT-ISAC’s threat intelligence exchange. Our platform gives members one central destination to analyze and enrich the data sources most relevant to them.

To view the webinar recording, click here.

To request your free credentials to TruSTAR click here.

Community Plus Toolkit

The Community Plus Toolkit is a pre-configured setup for investigations that includes access to the IT-ISAC Enclave for intelligence sharing among members, and access to a Private Enclave for private investigations you would like to enrich with IT-ISAC data and OSINT. “Enclaves” is TruSTAR’s terminology for how users can organize and segment data on the platform.

TruSTAR provides access to 18 unique open source intelligence feeds, as well as a select offering of Community Plus applications, such as our front-end web application for link-analysis, the TruSTAR Slack app, the TruSTAR Chrome Extension, Email Inbox, and our API and TAXII documentation for custom scripting and automation.

The TruSTAR Community Plus offering is focused on helping you share intelligence with other members and enrich your own investigations with IT-ISAC intelligence. That said, many users need to integrate back into their internal tools, such as SIEM, case management, and orchestration platforms, for automated workflows, and that is when teams typically move up to the various TruSTAR Enterprise tiers of access.

TruSTAR enables teams to better prioritize their threat intel so that it aligns with their intel requirements and, through different applications, get immediate correlations on investigations for better visibility into attack vectors and techniques associated with malware families.

Phishing Triage

We have recently released a new Phishing Triage solution that takes a lot of the heavy lifting out of the sorting and prioritization of user-reported suspicious emails. Emails go into TruSTAR on one side, all the threat data being pulled in is normalized and scored, and then those emails are categorized into a High, Medium, or Low Priority Score. This allows teams to focus on what's really important and operate efficiently.

Splunk Integration
TruSTAR’s Splunk ES application helps security professionals analyze notable events and leverage intelligence to quickly understand threat context and prioritize and accelerate triage. With TruSTAR and Splunk, intelligence analysts can leverage data in Splunk ES and enrich against threat intelligence feeds and case management data to gain insight into attack trends.

Analysts can automate detection workflows by customizing data ingest preferences based on indicator type, tags, and age of indicator, which cuts down on the volume of data exchanged between tools. Users can identify, collect, and curate observables, then prioritize events based on context and prioritization scores from TruSTAR.
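The ingest filter and score-based prioritization described above, as an added illustration in Python that is not TruSTAR's code or API: the indicator records, field names, score thresholds and the sample notable events are all constructed for this example.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample indicators (hypothetical; not from any real feed).
NOW = datetime(2021, 3, 1, tzinfo=timezone.utc)
INDICATORS = [
    {"value": "203.0.113.10", "type": "IP", "tags": ["phishing"], "score": 8,
     "last_seen": NOW - timedelta(days=3)},
    {"value": "198.51.100.7", "type": "IP", "tags": ["scanner"], "score": 2,
     "last_seen": NOW - timedelta(days=120)},
    {"value": "bad.example", "type": "DOMAIN", "tags": ["phishing", "c2"],
     "score": 6, "last_seen": NOW - timedelta(days=10)},
    {"value": "a" * 32, "type": "MD5", "tags": ["malware"], "score": 9,
     "last_seen": NOW - timedelta(days=1)},
]

def select_indicators(indicators, types, tags, max_age_days, now=NOW):
    """Ingest filter: keep only indicators of an allowed type, carrying at
    least one wanted tag, and last seen within max_age_days. Everything else
    is never pushed to the SIEM, which is what keeps the exchanged volume low."""
    cutoff = now - timedelta(days=max_age_days)
    return [i for i in indicators
            if i["type"] in types
            and set(i["tags"]) & set(tags)
            and i["last_seen"] >= cutoff]

def priority(score):
    """Bucket a 0-10 score into High / Medium / Low (thresholds are assumed)."""
    if score >= 7:
        return "High"
    if score >= 4:
        return "Medium"
    return "Low"

def prioritize_events(events, indicators):
    """Match notable events against the filtered indicator set and label each
    hit with a priority; events with no indicator match are left untouched."""
    by_value = {i["value"]: i for i in indicators}
    hits = []
    for e in events:
        ind = by_value.get(e["observable"])
        if ind is not None:
            hits.append({"event": e["id"], "match": ind["value"],
                         "priority": priority(ind["score"])})
    return hits

# Constructed notable events, as a SIEM might surface them.
EVENTS = [{"id": "N1", "observable": "203.0.113.10"},
          {"id": "N2", "observable": "198.51.100.7"},
          {"id": "N3", "observable": "bad.example"},
          {"id": "N4", "observable": "10.0.0.5"}]
```

With types {"IP", "DOMAIN"}, tag "phishing" and a 30-day age limit, only two of the four indicators are ingested, and only N1 (High) and N3 (Medium) are flagged.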

To learn more about TruSTAR’s Splunk ES integration, download our technical datasheet.