Blog New Context Panel Helps Analysts Prioritize Reports Faster Using Trusted Intelligence Sources

New Context Panel Helps Analysts Prioritize Reports Faster Using Trusted Intelligence Sources


Introducing the New Context Panel

Reducing friction in the analyst workflow is central to how we evolve our product. Today TruSTAR has released a new user interface to help analysts triage and act on the insights coming from your most trusted TruSTAR Marketplace intelligence sources.

Today’s release is primarily focused on understanding context from commercial intelligence sources like CrowdStrike, Digital Shadows, Intel471 and others by converting machine readable JSON files into an analyst-friendly presentation. This context is organized using the digital equivalent of baseball cards, which makes it easier to scan vital details, like confidence scores, and pivot to linked intelligence sources.

Why Make the Change?

A few trends made us consider updating our current user experience and interface:

  • Growing Number of Intelligence Providers & Volume of Data- Analysts are relying on a larger number of intelligence sources in their decision making. Plus, the variety of information and context provided by intelligence providers is continuing to increase. 
  • Opaque Scoring Methodologies - Many intel platforms today offer custom scoring systems layered on top of confidence and risk scores provided by intelligence sources. This adds unnecessary subjectivity to the prioritization and triage process.

We know that enrichment from commercial intelligence providers is vital to accelerating analysis and workflow, but we also acknowledge that analysts often have to read through large volumes of information in order to extract relevant context. This new baseball card layout, featuring new colors, icons, and fonts has been designed to simplify the presentation of intelligence and context so that it’s easier to action off of important elements in reports.

What’s New

The entire Context Panel has been redesigned to follow the information card design paradigm

Below we’ve listed the highlights:

  • Quick Context for Faster Triage - On the front of the card, you'll see a summary table of details like risk/confidence score, kill chain, date last seen, etc. You can also view the full report content just like the earlier version. 
  • Pull-Through Scoring - TruSTAR pulls through the original confidence and risk scores from intelligence sources to offer a more objective view for prioritization. 
  • Extracted Indicators for Link Analysis - Each extracted indicator is now displayed with a self-contained card. When you flip the card, it will show all other sources that also have that indicator sighting.

Screen Shot 2019-09-30 at 12.56.46 AM

Learn More

For a more detailed rundown please visit our Knowledge Base article

We will continue making updates to our user experience, and we welcome your questions and feedback on improvements. Please don’t hesitate to send us a quick note at or visit our Customer Support Portal.

COVID-19 Impact & Community Response The following blog post details the security impact COVID-19 has on enterprise security teams. To learn more about TruSTAR and IBM’s Community effort ... Read More
Improved Submission Workflow on TruSTAR Improved Submission Workflow on TruSTAR One of TruSTAR’s key differentiators is the ability to extract and normalize indicators from structured or ... Read More
TruSTAR Announces New MITRE ATT&CK Framework Feature ABOUT MITRE ATT&CK on TruSTAR Read More