Splunk TruSTAR

Cyderes supports the ingestion of Indicators of Compromise (IOCs) from Splunk TruSTAR using the Search Indicators API.

Chronicle Data Types

  • SPLUNK_TRUSTAR

Configuration

To collect IOCs, Cyderes requires an API Access Key and API Secret, which can be retrieved from your account settings page on Station. If desired, the IOC search can be limited to a subset of enclaves.

Specific instructions for generating these credentials can be found in the Splunk TruSTAR API Documentation.

Gather Information

Please provide Cyderes with the following:

  • API Key
  • API Secret
  • List of applicable enclaves (optional)