IBM X-Force

Updated 1 week ago by Elvis Hovor

This document explains how to set up and use IBM X-Force with TruSTAR Station.

IBM X-Force Exchange is a cloud-based threat intelligence sharing platform enabling users to rapidly research the latest security threats, aggregate actionable intelligence and collaborate with peers. Supported by human- and machine-generated intelligence, the Exchange leverages the scale of IBM X-Force to help users stay ahead of emerging threats

  • Time to Install: 10 minutes
  • Type of Feed: Automatic updates
  • Update Frequency: 15 minutes
  • Intel Type: Premium

Data Types

The integration pulls the following observables:

  • IP
  • URL
  • MD5
  • SHA1
  • SHA256

Requirements

  • A subscription to IBM X-Force
  • IBM X-Force API Key
TruSTAR Admin rights are required to activate this Premium Intel feed.

Getting Started

  1. Log into TruSTAR Station.
  2. Click the Marketplace icon on the left side icon list.
  3. Choose Closed Sources.
  4. Click Subscribe on the IBM X-Force box.
  5. Enter your IBM X-Force API key and click Save Credentials & Request Subscription.

TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.

TruSTAR Report Mapping

Field 

Explanation

Report Title

<IOC Type> <IOC Value>

External ID

Encoded value of (​<IOC Type> <IOC Value>)

Report Body

Full json response

Time Begun

FirstSeen ​field of response Example: 2010-04-27T12:46:51.000Z

Tags

Deeplink

Client Type

PYTHON SDK

Client Meta Tag

trustash

Known Issues

No reported issues.

Please reach out to support@trustar.co if you have issues with this integration.


How Did We Do?