TruSTAR Phishing Triage

Solution Preview
This webinar took place on:
Tuesday, April 28, 2020

TruSTAR is adding a new Phishing Triage Panel to our platform. The Triage Panel and Public API aggregate and normalize scores from 16+ Premium Intelligence sources to give you a Priority Score of Low, Medium or High.

Users will have the option to triage user-reported suspicious emails via the new Triage Panel view on the platform, where emails are sorted by score and priority. Once triage is complete, users can automatically send malicious indicators into SIEM or Orchestration tools.

Use Cases

  • Power Orchestration & Dissemination - Leverage High, Medium, Low Priority Scores to trigger Orchestration playbooks. Priority Scores and the Unified API reduce playbook complexity. Deliver indicators from confirmed malicious emails to tools and peers.
  • Improve Detection - Optimize detection workflows for better accuracy. Automate the matching of highly-scored indicators into your SIEM to create efficiencies across your team. Customize data ingest preferences to reduce the false positive rate.
  • Speed Investigations - Accelerate triage by leveraging Priority Scores to surface the most relevant user-reported suspicious emails. Reduce the manual process of collecting context by automating enrichment between suspicious emails and internal / external intelligence sources.

More Workflow Training Sessions:


Training: Everything You Need to Know About Phishing Triage 

Phishing emails are time-consuming to triage. Learn how to create a phishing repository using TruSTAR's email ingest feature to help your team more easily correlate known-bad entities. 


Download: Phishing Triage Solution Brief

TruSTAR automatically ingests suspicious emails and enriches them with normalized scores from 15+ of your intelligence sources to create a Priority Score, helping analysts surface the most relevant events for automated or human-in-the-loop investigation workflows.



Splunk ES Workflow Training

Stop drinking from the SIEM alert firehose. This session takes an in-depth look at TruSTAR's new Splunk ES integration and covers best practices for prioritizing investigations based on context and severity, so attendees can respond to alerts faster.


Training: How to Prioritize Investigations Using Enrichment

Sometimes the hardest part of triage is knowing where to start. In this interactive workflow demo, TruSTAR intelligence architects will teach you how to combine alerts and tickets from your SIEM and Case Management tools and prioritize them within the TruSTAR platform using new scoring and filtering features.

This live training session will take place on Tuesday, January 28, 2020.



Training: Accelerate Incident Response with TruSTAR and IBM Resilient, IBM X-Force

Whether investigating and responding to a phishing email, SIEM alert, ticket, or fraudulent transaction, security analysts need as much information as possible to make informed decisions and act quickly. In this interactive workflow demo, TruSTAR and IBM intelligence architects will walk you through sample incident response workflows using TruSTAR and IBM's suite of tools.

This live training session will take place on Tuesday, February 11, 2020.
