TruSTAR is designed specifically for managing intelligence. Using machine learning and natural language processing, TruSTAR ingests, categorizes, normalizes, extracts and correlates threat intelligence. The unique Enclaves-based architecture allows for virtually unlimited scalability when it comes to both users and data.
TruSTAR leverages bidirectional integration with tools already used by security teams. That way, companies surface the intelligence they already have to see how it relates to other internal tools and datasets. Then, working outward with dedicated sharing, TruSTAR enriches the information across ecosystems with open and closed source intelligence while simultaneously reducing the friction of sharing data.
The functionality coming from the seamless convergence of sharing groups and the fusion of intelligence and fraud tools really stood out to us. This alignment has led to the natural overlap with the threat intelligence platform market. This union provides the ability to automatically ingest, normalize, correlate, search and visualize correlations amongst data sets. TruSTAR boasts more than 60 pre-built integrations with SIEMs, orchestration, ticketing and case management which are combined, leveraging the multi-Enclave architecture, for faster investigations.
The platform features several integrations, including Splunk, which gives a good strategic overview of happenings in an environment, as well as others such as ServiceNow and ticketing system integrations. TruSTAR pulls API at the core level, so seats are not limited per person. The API construct model is based off of Enclaves.
It offers three ways to get data into the platform: browser plug-in, TruSTAR pop-up and the email Enclave Inbox. Enclave Inbox captures content as seamlessly as possible by automatically pointing at trust group inboxes to capture content coming through. It can redact text from the original content. The data populates the same way as does the rest of the reporting options. The contents and correlations generated are viewable.
Analysts can view original content and observables in the Report Visual Map, which includes a timeline slider to watch events unfold over time. This map allows analysts to more efficiently see correlations around different datasets so they can understand what occurred with extensive granularity.
From a teaming aspect, TruSTAR is a collaborative platform. Mentions in a report send a notification to the tagged individual and link back to the referenced report and what is highlighted. Analysts can share notes internally. Additionally, the platform has an Enclave Chat functionality, in which each Enclave contains its own chat channel and keeps reports organized. Reports are easily exportable and searchable. The platform indexes all content contained within the reports for quick location and searches.
Starting price is $96,000. Gold level support includes 24/7 email support, 8/5. Upon logging into the dashboard, a tutorial populates to help you get started. However, we found the tutorial to be overly succinct. Professional Service support is offered as well. Phone, email and website support include FAQs and a knowledge base. We recommend building out this knowledge base as we struggled to find instructions on how to get started.
Tested by: Matthew Hreben