Feature Updates: Multiple Enclaves, Tags & Much More

Shimon Modi
Published in TruSTAR Blog
Aug 29, 2016

At TruSTAR we are driven by customer feedback, and to show we really mean it we continually add new features and functionality that make it even easier to exchange and investigate cyber incidents. Our latest release has a ton of new features. Please check out the rest of this blog to get up to speed with the latest release.

  • Multiple Enclaves. This feature allows you to be a member of more than 1 enclave, and thus expand the number of groups that you can privately share and collaborate with (original enclave feature blog). When you are creating a new report, choose the enclaves that should receive it from the Distribution drop-down list (see below). If you select “Submit to Community”, the report will not be shared with any of your enclaves.
Multiple Enclave Submission Selection.
  • Filtering of Reports. You can now select, with a high level of granularity, exactly which reports you want to view in the reports list/inbox view. By selecting the name of the enclave(s) from the drop-down list, you can choose to view only reports that belong to the selection. When the reports list view is updated, you will see a colored dot on each report in the list view; this color corresponds to the enclave name in the drop-down list.
Reports Filter
  • Categories. You can now associate publicly searchable attributes with a new report when you create and submit it. These include details like type of attack, region where the attack was observed, kill chain stage, or any other free-form text you want associated with the report. The platform will also provide you with a list of the most frequently occurring attributes, but you can use any attribute as long as it is less than 32 characters. You can also associate multiple attributes with the same report. Categories can be searched and pivoted on by clicking the specific attribute in the reports list view.

Categories allow users to provide customizable attributes and simplify the overall process.

Categories.
Creating Private Tags.
  • Extracted IoC Summary. The IoC extraction engine is one of our platform’s distinguishing capabilities, and now you can view a summary of all IoCs extracted from structured and unstructured report text. You can click on each IoC category to view the specific indicators extracted.
Extracted IoC View.
  • OSINT Feeds View. We actively collect data from over 15 open source intelligence feeds. These can now be easily filtered by source, and you can also search for specific IoCs.

We regularly add new OSINT feeds to the platform, so please don’t hesitate to let us know if there is a specific feed you would like to see added.

We have several new features in the pipeline, so stay tuned for the next set of product updates. If you have any questions, please don’t hesitate to reach out to support@trustar.co.
