Updated 1 month ago by Elvis Hovor

This document explains how to set up and use IBM X-Force IRIS with TruSTAR Station.

X-Force Incident Response and Intelligence Services (IRIS) provides organizations the latest threat intelligence from X-Force Incident Response and Intelligence Services to understand threat campaigns, malware, threat groups, and industries with in-depth analysis reports. 

  • Time to Install: 10 minutes
  • Type of Feed: Query-based
  • Update Frequency: 15 minutes
  • Intel Type: Premium

Data Types

The integration pulls the following observables:

  • IP
  • URL
  • MD5
  • SHA1
  • SHA256


  • A subscription to IBM X-Force IRIS
  • IBM X-Force IRIS API Key
TruSTAR Admin rights are required to activate this Premium Intel feed.

Getting Started

  1. Log into TruSTAR Station.
  2. Click the Marketplace icon on the left side icon list.
  3. Choose Closed Sources.
  4. Click Subscribe on the IBM X-Force IRIS box.
  5. Enter your IBM X-Force IRIS API key and click Save Credentials & Request Subscription.

TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.

TruSTAR Report Mapping



Report Title

<IOC Type> <IOC Value>

External ID

Encoded value of (​<IOC Type> <IOC Value>)

Report Body

Full json response

Time Begun

FirstSeen ​field of response Example: 2010-04-27T12:46:51.000Z



Client Type


Client Meta Tag


Known Issues

No reported issues.

Please reach out to if you have issues with this integration.

How Did We Do?