IBM XForce IRIS
This document explains how to set up and use IBM X-Force IRIS with TruSTAR Station.
X-Force Incident Response and Intelligence Services (IRIS) provides organizations the latest threat intelligence from X-Force Incident Response and Intelligence Services to understand threat campaigns, malware, threat groups, and industries with in-depth analysis reports.
- Time to Install: 10 minutes
- Type of Feed: Query-based
- Update Frequency: 15 minutes
- Intel Type: Premium
The integration pulls the following observables:
- A subscription to IBM X-Force IRIS
- IBM X-Force IRIS API Key
- Log into TruSTAR Station.
- Click the Marketplace icon on the left side icon list.
- Choose Closed Sources.
- Click Subscribe on the IBM X-Force IRIS box.
- Enter your IBM X-Force IRIS API key and click Save Credentials & Request Subscription.
TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.
TruSTAR Report Mapping
<IOC Type> <IOC Value>
Encoded value of (<IOC Type> <IOC Value>)
Full json response
FirstSeen field of response Example: 2010-04-27T12:46:51.000Z
Client Meta Tag
No reported issues.