TruSTAR and ServiceNow:

Defend Better Together


ServiceNow users can now benefit from TruSTAR’s intelligence management ecosystem to better inform incidents and improve response


ServiceNow users can now benefit from TruSTAR's data-centric security intelligence management ecosystem to better inform incidents and improve response

TruSTAR Intelligence Management for ServiceNow Security Incident Response (SIR) is now available. ServiceNow users can prepare and normalize security intelligence data from multiple sources to distribute information between teams, industry peers, and other data systems, helping accelerate automation to remediate threats fast.

TruSTAR allows companies to centralize, normalize and prioritize cyber intelligence to help accelerate response. Working with ServiceNow SIR, TruSTAR helps reduce analyst investigation time by automating intelligence integration, cutting back on manual-based data ingestion to speed incident investigations within ServiceNow SIR. TruSTAR also extends ServiceNow security orchestration and automation response (SOAR) capabilities by creating built-in sharing flows, and providing programming of threat intelligence data normalization and preparation, making it easier to perform investigations off of highly-scored events or indicators.

TruSTAR for ServiceNow SIR features allow users to:

  • Add threat enrichment attributes to the indicators associated with security incidents
  • Export Security Incident data and extracted IOCs to TruSTAR for further correlation
  • Leverage ServiceNow's Threat Lookup to provide verdict from TruSTAR on malicious observables associated with security Incidents
  • Custom tag indicators in ServiceNow and store them in TruSTAR enclaves for historical context
  • Share TruSTAR reports and IoCs across ISACs/ISAOs and internal teams via enclaves
  • Whitelist observables in ServiceNow that will be reflected in TruSTAR's whitelist library