An Intelligence Platform Built By Analysts, For Analysts.

We understand the challenges of modern analysts, and have created a platform with their unique needs in mind. Here are the features that make it happen, and how they will help you and your team resolve investigations faster.

What Makes It All Work? Enclaves.

Enclaves are flexible, secure, permission-controlled data repositories of security and threat intelligence information.

The Features and Technologies That Power Enclaves

Analysis Visualization

We represent threat intelligence the way a human analyst actually looks at it. TruSTAR’s link analysis visualizations give you the WHY and HOW of threat events by showing you how IOCs connect to threats inside and beyond your Enclave. Your analysts’ time is extremely valuable – you’d better be sure you’re providing them with a tool optimized for their needs and efficiency.

Extensible Interoperability

STIX / TAXII? We got you covered. Built-in integrations? Check them out in our marketplace. For everything else, we provide SDKs and a robust RESTful API to enable integrations with proprietary data sources, ticketing or case management systems, or any other SOC tools as needed.

Machine Learning-Assisted Extraction

Our extraction engine is capable of automatically identifying an industry-leading 12 types of IOCs from structured and unstructured data, instantly surfacing them for further analysis. Need support for a different flavor of IOC? Our platform was built for flexibility and we can get you up and running quickly.

Automated Redaction

Sharing outside of your team or organization? Our redaction engine will keep your legal and compliance folks happy by allowing you to control visibility of all shared data. Easily scrub sensitive information from reports before releasing to your partners. Our natural language processing (NLP) engine instantly identifies potential PII terms to redact.

Normalize Email Intelligence

Copy/pasting unstructured data from listservs and other feeds is time-consuming and a critical bottleneck to quickly making use of the great data you are subscribed to. Keep your focus on analysis with up-to-date data by feeding your email threads to our email ingestion tool from any source.

Custom Tagging

Take your knowledge management a step further with Custom Tagging. Organize incident reports based on any proprietary naming schemes, such as department names, threat families, or ticket numbers and surface them easily during investigations.

Search for Context & IOCs

Instantly search for IOCs (threat name, hash, IP, domain, etc.) and surface relevant context from your investigations and external intelligence sources. Results displayed in our analysis visualizations make it easy to pinpoint patterns, discover trends and hunt within TruSTAR.

Collaborate With the Right Access & Permissions

By allowing you to granularly define user permissions for who can access and interact with what data, we ensure you can adhere to any compliance requirements. With in-app chat and the ability to capture notes on investigations, your teams are empowered to collaborate with ease to add context to ongoing analyses and IOCs.

Notification & Alerting

Done with that analysis for now? Enable notifications to be alerted when another analyst adds additional context to your case, or other correlating IOCs or cases become available so you can jump back in and make use of this new context.