How RH-ISAC Members Use TruSTAR to Automate and Action Shared Intelligence

RH-ISAC recently held a webinar for its members outlining the benefits they receive from TruSTAR. TruSTAR is the Intelligence Management Platform that powers RH-ISAC’s threat intelligence exchange. Our platform gives members one central destination to analyze and enrich the data sources most relevant to them.

Benefits as an RH-ISAC member

  • Ingest and operationalize intelligence from the RH-ISAC community and 20+ OSINT sources into your SIEM.
  • Surface your most relevant intelligence with custom Dashboards that mine historical incident data correlations to make faster, more informed decisions about relevant threats.
  • Search and navigate through the latest reports to access meta information like the number of IOCs extracted, excerpts of report content, correlation counts, time of submission, and other relevant high-level information.
  • Visualize correlations from RH-ISAC listserv and OSINT data with intuitive UI and graph database technology.
  • Easily submit and share reports among RH-ISAC members, with built-in redaction features to remove sensitive PII.

To request your free credentials to TruSTAR click here.

Community Plus Toolkit

The Community Plus Toolkit is a pre-configured setup for investigations that includes access to the RH-ISAC Enclave for intelligence sharing among members, and access to a Private Enclave for private investigations you would like to enrich with RH-ISAC data and OSINT. “Enclaves” is TruSTAR’s terminology for how users can organize and segment data on the platform.

TruSTAR provides access to 18 unique open source intelligence feeds, as well as a select offering of Community Plus applications, such as our front-end web application for link-analysis, the TruSTAR Slack app, the TruSTAR Chrome Extension, Email Inbox, and our API and TAXII documentation for custom scripting and automation.

The TruSTAR Community Plus offering is focused on helping you share intelligence with other members and enrich your own investigations with RH-ISAC intelligence. That being said, many users need to integrate back to their internal tools, such as SIEM, Case Management, and Orchestration tools, for automated workflows, and that's when people start to bump up to various TruSTAR Enterprise tiers of access.

TruSTAR enables teams to better prioritize their threat intel so that it aligns with their intel requirements and, through different applications, get immediate correlations on investigations for better visibility into attack vectors and techniques associated with malware families.

Enclaves

With TruSTAR, you are able to customize your environment with enclaves for different use cases. This allows you to organize and store data according to teams, use case, permissions, or fidelity.

  • Private Enclave - Your private space to enrich company investigations with OSINT and RH intelligence.
  • RH Vetted Enclave - Curated member intelligence managed by RH-ISAC.
  • Dark Web Working Group - Opt-in working group for Dark Web intelligence collection and sharing.

You can collaborate with peers and trusted partners by easily pulling and sharing data from ISACs, ISAOs, teams, and departments, allowing you to control data access and security.

Use enclaves for automation by leveraging the Public API, TAXII, or MISP to connect SIEM, Case Management, and Orchestration tools to TruSTAR.

Phishing Triage

We have recently released a new Phishing Triage solution that takes a lot of the heavy lifting out of the sorting and prioritization of user-reported suspicious emails. Emails go into TruSTAR on one side, all the threat data being pulled in is normalized and scored, and then those emails are categorized into a High, Medium, or Low Priority Score. This allows teams to focus on what's really important and operate efficiently.

To get a free 60-day trial of our Phishing Triage feature, send an email to Hello@trustar.co with “RH-ISAC Trial” in the subject line and redeem today.