TruSTAR Phishing Triage

Solution Preview
Training Session: Phishing Triage Solution Preview
This webinar took place on Tuesday, April 28, 2020.

TruSTAR is adding a new Phishing Triage Panel to our platform. The Triage Panel and Public API aggregate and normalize scores from 16+ Premium Intelligence sources to give you a Priority Score of Low, Medium or High.

Users will have the option to triage user-reported suspicious emails in the new Triage Panel view on the platform, where emails are sorted by score and priority. Once triage is complete, users can automatically send malicious indicators into SIEM or Orchestration tools.

Use Cases

  • Power Orchestration & Dissemination - Leverage High, Medium, Low Priority Scores to trigger Orchestration playbooks. Priority Scores and the Unified API reduce playbook complexity. Deliver indicators from confirmed malicious emails to tools and peers.
  • Improve Detection - Optimize detection workflows for better accuracy. Automate the matching of highly scored indicators into your SIEM to create efficiencies across your team. Customize data ingest preferences to reduce the false positive rate.
  • Speed Investigations - Accelerate triage by leveraging Priority Scores to surface the most relevant user-reported suspicious emails. Reduce the manual process of collecting context by automating enrichment between suspicious emails and internal / external intelligence sources.

More Workflow Training Sessions:


Training: Everything You Need to Know About Phishing Triage 

Phishing emails are time-consuming to triage. Learn how to create a phishing repository using TruSTAR's email ingest feature to help your team more easily correlate known-bad entities. 


Training: Case Management Workflow & Best Practices

When investigating and responding to alerts, security analysts need maximum context to make an informed decision on next steps as quickly as possible. Learn case management workflow best practices through TruSTAR's ServiceNow integrations.


Splunk ES Workflow Training

Stop drinking from the SIEM alert firehose. By taking an in-depth look at TruSTAR's new Splunk ES integration, attendees can learn how to respond to alerts faster through best practices for prioritizing investigations based on context and severity.


Training: How to Prioritize Investigations Using Enrichment

Sometimes the hardest part of triage is knowing where to start. In this interactive workflow demo, TruSTAR intelligence architects will teach you how to combine alerts and tickets from your SIEM and Case Management tools and prioritize them within the TruSTAR platform using new scoring and filtering features.

This live training session will take place on Tuesday, January 28, 2020.


Training: Accelerate Incident Response with TruSTAR and IBM Resilient, IBM X-Force

Whether investigating and responding to a phishing email, SIEM alert, ticket, or fraudulent transaction, security analysts need as much information as possible to make informed decisions and act quickly. In this interactive workflow demo, TruSTAR and IBM intelligence architects will walk you through sample incident response workflows using TruSTAR and IBM’s suite of tools.

This live training session will take place on Tuesday, February 11, 2020.
