If you’re an intelligence analyst, you’re probably spending a lot of time searching and scraping the internet for threat intelligence to speed investigations and response. From searching Twitter and Pastebin for IOCs, to customizing Startme pages, we know high-fidelity intelligence is hard to find.
At TruSTAR, our mission is to help analyst teams ingest and normalize intelligence data into your workflow as quickly and seamlessly as possible. Today we’re proud to roll out new enhancements to our Google Chrome Extension.
What is the TruSTAR Google Chrome Extension?
Our Google Chrome Extension allows analysts to select any text in your Chrome browser and send it as a report into TruSTAR’s intelligence management platform, helping you triage investigations, collect intelligence for enrichment, and build cases for investigations faster.
How can I use the Google Chrome Extension in my investigation workflow?
Here are three ways security analysts are using the extension today.
Triage With Confidence- The first step of triaging an incident is verifying if your observable is good or bad. You can now verify maliciousness with an Enrichment Preview. Right-click an observable and see IOC correlations and enrichment along with any additional intelligence you’ve already collected within TruSTAR.
Highlight an IOC or malware name on your browser and right-click to check for enrichment on TruSTAR.
Collect Intelligence - Maybe you or a threat intelligence teammate is responsible for curating relevant intelligence from third-party sources. Our tool helps you easily highlight and ingest IOCs en masse, without all the tab sprawl and copy/paste with our Report and IOC Ingest feature. Submit observables by highlighting indicators directly in your browser, whether it’s from Pastebin, Twitter, or a website. When you submit reports using the TruSTAR Chrome Extension, you can also add the same tags you use in TruSTAR. (i.e. tag IOCs according to a campaign, Enclave, etc.)
Highlight text and right-click to create a new report.
Build A Case - Our Chrome Extension allows you to easily pull multiple IOCs into a single report on TruSTAR, enabling you to build a case outside of your normal channels and correlate it with existing data. (For example, maybe you don’t want to build a case inside ServiceNow quite yet because you’re still finalizing your data and analysis.) From there, TruSTAR helps you operationalize your intelligence across your technology stack via SIEM, Case Management, and Orchestration integrations.
Our Google Chrome Extension previously only solved the Triage use case. We are excited to add Intelligence Collection and Report Creation to our Chrome Extension use cases to help you deliver the enrichment that you need to speed through investigations with confidence.
Read to get started?
Download the TruSTAR app on Google Chrome Marketplace today.
For more detailed installation and usage instructions, visit the TruSTAR Knowledge Base.