Blog New Context Panel Helps Analysts Prioritize Reports Faster Using Trusted Intelligence Sources

New Context Panel Helps Analysts Prioritize Reports Faster Using Trusted Intelligence Sources


Introducing the New Context Panel

Reducing friction in the analyst workflow is central to how we evolve our product. Today TruSTAR has released a new user interface to help analysts triage and act on the insights coming from your most trusted TruSTAR Marketplace intelligence sources.

Today’s release is primarily focused on understanding context from commercial intelligence sources like CrowdStrike, Digital Shadows, Intel471 and others by converting machine readable JSON files into an analyst-friendly presentation. This context is organized using the digital equivalent of baseball cards, which makes it easier to scan vital details, like confidence scores, and pivot to linked intelligence sources.

Why Make the Change?

A few trends made us consider updating our current user experience and interface:

  • Growing Number of Intelligence Providers & Volume of Data- Analysts are relying on a larger number of intelligence sources in their decision making. Plus, the variety of information and context provided by intelligence providers is continuing to increase. 
  • Opaque Scoring Methodologies - Many intel platforms today offer custom scoring systems layered on top of confidence and risk scores provided by intelligence sources. This adds unnecessary subjectivity to the prioritization and triage process.

We know that enrichment from commercial intelligence providers is vital to accelerating analysis and workflow, but we also acknowledge that analysts often have to read through large volumes of information in order to extract relevant context. This new baseball card layout, featuring new colors, icons, and fonts has been designed to simplify the presentation of intelligence and context so that it’s easier to action off of important elements in reports.

What’s New

The entire Context Panel has been redesigned to follow the information card design paradigm

Below we’ve listed the highlights:

  • Quick Context for Faster Triage - On the front of the card, you'll see a summary table of details like risk/confidence score, kill chain, date last seen, etc. You can also view the full report content just like the earlier version. 
  • Pull-Through Scoring - TruSTAR pulls through the original confidence and risk scores from intelligence sources to offer a more objective view for prioritization. 
  • Extracted Indicators for Link Analysis - Each extracted indicator is now displayed with a self-contained card. When you flip the card, it will show all other sources that also have that indicator sighting.

Screen Shot 2019-09-30 at 12.56.46 AM

Learn More

For a more detailed rundown please visit our Knowledge Base article

We will continue making updates to our user experience, and we welcome your questions and feedback on improvements. Please don’t hesitate to send us a quick note at or visit our Customer Support Portal.

TruSTAR Intel Workflows Series: Shifting from App-Centric to Data-Centric Security Operations We recently introduced API 2.O featuring TruSTAR Intel Workflows. This blog series will explain our motivations for building this feature, how it ... Read More
How to Get the Most out of Your Community Plus Toolkit TruSTAR is the Intelligence Management Platform that powers some of the largest ISAC/ISAO threat intelligence exchanges in North America.  Read More
Announcing TruSTAR Phishing Triage & New Intelligence Scoring Capabilities Today TruSTAR has launched Phishing Triage, a new suite of features designed to automatically ingest, extract, normalize, prioritize, and take action ... Read More
COVID-19 Intelligence Briefing: What Happens Next? TruSTAR recently held an intelligence briefing with leaders from IBM X-Force IRIS, BAE Systems, and Intel471 to discuss the threatscape surrounding ... Read More