This document explains how to set up the IBM X-Force premium intelligence source in the TruSTAR platform.
IBM X-Force Exchange is a cloud-based threat intelligence sharing platform enabling users to rapidly research the latest security threats, aggregate actionable intelligence and collaborate with peers. Supported by human- and machine-generated intelligence, the Exchange leverages the scale of IBM X-Force to help users stay ahead of emerging threats
- Source Type: Premium Intel
- Update Type: Query-based
- Parser: Yes
- Time to install: 10 minutes
- A subscription to IBM X-Force
- IBM X-Force API Key
- Log into the TruSTAR Web App.
- Click the Marketplace icon on the left side icon list.
- Choose Premium Intel.
- Click Subscribe on the IBM X-Force box.
- Enter your IBM X-Force API key and click Save Credentials & Request Subscription.
TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.
TruSTAR Report Mapping
The information retrieved from this intelligence source is stored in the IBM X-Force Enclave using this format.
<IOC Type> <IOC Value>
Encoded value of (<IOC Type> <IOC Value>)
Full json response
FirstSeen field of response
Client Meta Tag
Source scoring for this intelligence source uses two different methods:
- A continuous score is provided for URLs and IP addresses.
- A categorical risk score (Low, Medium, High) is provided for SHA1, SHA256, and MD5.
No reported issues.