Today we released API 2.0, the latest version of TruSTAR's API-First Intelligence Management Platform. This new version continues our commitment to simplifying and streamlining intelligence for automation in enterprise security intelligence management, and breaks through long-standing industry limitations around operationalizing data orchestration and normalization.
TruSTAR was created on the principle of being API-First, with a data-centric approach to transforming cyber intelligence to make it actionable. TruSTAR API 2.0 delivers on that promise with the addition of TruSTAR Intel Workflows and Safelist Libraries. These new features, combined with TruSTAR’s already robust platform, create a unified, all-source intelligence picture without the flood of false positives or manual data-wrangling.
"Historically, security approaches have focused on layers of defense, which resulted in massive walls around data. But, enterprise security leaders are breaking down silos and demanding visibility and sovereignty over the data workflows required for orchestration and automation in detection and response. We look at sectors like financial services, sales, and marketing and we see that our peers in other departments in the enterprise have stepped up to these challenges by combining unified APIs with data-centric architectures. We can learn from this as we enter a new era where integration and automation are a top priority for all enterprise security leaders."
— Patrick Coughlin, CEO of TruSTAR
A game-changing addition to API 2.0 is TruSTAR Intel Workflows, which provide no-code set-up of data processing and transformations using established sources to cross-validate and curate intelligence. Traditionally, security leaders have had to rely on teams of trained analysts spending many hours a day doing the data janitor work or investing in large, multiyear data engineering projects.
Now, TruSTAR users can easily select intelligence sources (including open source, premium intel providers, and collections of historical events and alerts), apply priority scores, Safelists, and filtering based on indicator types or attributes, and submit the prepared data into vetted Enclaves or a suite of enterprise workflow applications.
Benefits include:
TruSTAR Intel Workflows allow users to get normalized scores on observables and events based on individual source profiles, reduce false positives in detection sets by normalizing indicators across multiple sources, and filter by priority score and relevant indicator type. TruSTAR's Unified Intel API provides a single point of integration through TruSTAR's fully RESTful API, TAXII infrastructure, and Python SDK, supporting all standard data structures and use-case-oriented endpoints.
TruSTAR offers Safelists and Blocklists as a replacement for Whitelists and Blacklists. Words matter, and we prefer to use more actionable language, with the added benefit of replacing language with racial connotations. TruSTAR's new Safelist libraries allow users to create and maintain a set of observables that are considered benign and should therefore be excluded from threat intelligence correlations. Correlating on such benign observables produces false positive alerts, wasting analyst time and lowering business productivity.
Now users can programmatically apply multiple workflow-level Safelists, source weights, and filtering before delivery into TruSTAR Intel Workflow destinations. As any security analyst will tell you, no one Safelist library can be used for all use cases, workflows, and security controls. Breaking Safelists into multiple libraries allows users to fine-tune and operationalize intelligence using only the applicable set of Safelists for a given use case and its security controls, thereby reducing false positives.
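To make the workflow model described above concrete, here is an added Python example of the same idea: group sightings by observable, normalize a priority score from per-source weights, suppress anything on the safelist libraries selected for that use case, and filter by indicator type before delivery. This is illustrative code written for this post, not TruSTAR's API, SDK, or scoring algorithm; the source names, weights, safelist libraries, and sightings are all constructed, and the scoring formula (weighted sum of source scores over total configured weight, so observables corroborated by more trusted sources rank higher) is an assumption chosen to show cross-source normalization.

```python
"""Constructed example: per-use-case safelist libraries, source weights and
indicator-type filters applied before delivery. Not TruSTAR's API or SDK;
every name, weight and observable below is hypothetical."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class Sighting:
    value: str      # the observable itself
    ioc_type: str   # "ip", "domain", "sha256", ...
    source: str     # which feed reported it
    score: float    # the source's own confidence, normalized to 0..1


@dataclass
class Workflow:
    name: str
    source_weights: Dict[str, float]  # source profile: how much each feed is trusted
    safelists: List[str]              # which safelist libraries apply to this use case
    ioc_types: Set[str]               # indicator types the destination can act on
    min_priority: float               # drop anything scoring below this


# Constructed safelist libraries; a real deployment maintains these per team.
SAFELISTS: Dict[str, Set[str]] = {
    "cloud_shared": {"8.8.8.8", "cdn.example.test"},       # shared infra everyone touches
    "pentest_ranges": {"198.51.100.7"},                    # authorized internal testing egress
    "corp_infra": {"vpn.example.test", "203.0.113.254"},   # our own public footprint
}

# Constructed sightings from three hypothetical feeds.
SIGHTINGS: List[Sighting] = [
    Sighting("203.0.113.10", "ip", "osint", 0.9),
    Sighting("203.0.113.10", "ip", "premium", 0.8),        # corroborated by two feeds
    Sighting("8.8.8.8", "ip", "osint", 0.7),               # classic false positive
    Sighting("198.51.100.7", "ip", "premium", 0.95),       # our own testers
    Sighting("evil.example.test", "domain", "premium", 0.9),
    Sighting("a" * 64, "sha256", "historical", 0.6),
]


def safelist_hit(value: str, libraries: List[str], safelists=SAFELISTS):
    """Name of the first applicable library containing value, else None."""
    for name in libraries:
        if value in safelists.get(name, set()):
            return name
    return None


def normalized_priority(sightings: List[Sighting], weights: Dict[str, float]) -> float:
    """Weighted score across reporting sources over the total configured weight,
    so an observable seen by more (and more trusted) sources scores higher."""
    total = sum(weights.values())
    weighted = sum(weights.get(s.source, 0.0) * s.score for s in sightings)
    return round(weighted / total, 2)


def run_workflow(wf: Workflow, sightings=SIGHTINGS, safelists=SAFELISTS):
    """Return (delivered, suppressed): delivered is sorted by priority, suppressed
    records why each observable was dropped (type filter, safelist, low priority)."""
    grouped = defaultdict(list)
    for s in sightings:
        grouped[(s.value, s.ioc_type)].append(s)
    delivered, suppressed = [], []
    for (value, ioc_type), seen in grouped.items():
        if ioc_type not in wf.ioc_types:
            suppressed.append((value, f"type:{ioc_type}"))
            continue
        lib = safelist_hit(value, wf.safelists, safelists)
        if lib:
            suppressed.append((value, f"safelist:{lib}"))
            continue
        priority = normalized_priority(seen, wf.source_weights)
        if priority < wf.min_priority:
            suppressed.append((value, f"priority:{priority}"))
            continue
        delivered.append({"value": value, "type": ioc_type, "priority": priority,
                          "sources": sorted({s.source for s in seen})})
    delivered.sort(key=lambda d: d["priority"], reverse=True)
    return delivered, suppressed


# Two constructed workflows sharing the same feeds but different safelist sets:
# the SIEM must never page on our own infrastructure or testers, while hunters
# want to see those sightings and only suppress shared cloud services.
DETECTION = Workflow("siem_detection",
                     {"osint": 0.3, "premium": 0.6, "historical": 0.1},
                     ["cloud_shared", "pentest_ranges", "corp_infra"],
                     {"ip", "domain"}, 0.3)
HUNTING = Workflow("threat_hunting",
                   {"osint": 0.4, "premium": 0.4, "historical": 0.2},
                   ["cloud_shared"],
                   {"ip", "domain", "sha256"}, 0.1)

if __name__ == "__main__":
    for wf in (DETECTION, HUNTING):
        out, dropped = run_workflow(wf)
        print(wf.name, [(d["value"], d["priority"]) for d in out], dropped)
```

The detection workflow delivers only the corroborated IP and the malicious domain, suppressing the shared resolver and the testing range by library name; the hunting workflow, with fewer safelists and a lower threshold, keeps the testing range and the historical hash. Recording the suppression reason alongside the library that matched is what lets an analyst audit why an indicator never reached a control.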
----------------------------------------------------
Thanks!
Mikala Vidal
The Splunk platform removes the barriers between data and action, empowering observability, IT and security teams to ensure their organizations are secure, resilient and innovative.
Founded in 2003, Splunk is a global company with over 7,500 employees; Splunkers have received over 1,020 patents to date, and the platform is available in 21 regions around the world. Splunk offers an open, extensible data platform that supports shared data across any environment, so that all teams in an organization can get end-to-end visibility, with context, for every interaction and business process. Build a strong data foundation with Splunk.