IBM XForce IRIS
This document explains how to set up and use IBM X-Force IRIS with TruSTAR Station.
X-Force Incident Response and Intelligence Services (IRIS) provides organizations the latest threat intelligence from X-Force Incident Response and Intelligence Services to understand threat campaigns, malware, threat groups, and industries with in-depth analysis reports.
- Time to Install: 10 minutes
- Type of Feed: Query-based
- Update Frequency: 15 minutes
- Intel Type: Premium
Data Types
The integration pulls the following observables:
- IP
- URL
- MD5
- SHA1
- SHA256
Requirements
- A subscription to IBM X-Force IRIS
- IBM X-Force IRIS API Key
Getting Started
- Log into TruSTAR Station.
- Click the Marketplace icon on the left side icon list.
- Choose Closed Sources.
- Click Subscribe on the IBM X-Force IRIS box.
- Enter your IBM X-Force IRIS API key and click Save Credentials & Request Subscription.
TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.
TruSTAR Report Mapping
Field | Explanation |
Report Title | <IOC Type> <IOC Value> |
External ID | Encoded value of (<IOC Type> <IOC Value>) |
Report Body | Full json response |
Time Begun | FirstSeen field of response Example: 2010-04-27T12:46:51.000Z |
Tags | |
Deeplink | |
Client Type | PYTHON SDK |
Client Meta Tag | trustash |
Known Issues
No reported issues.