IBM X-Force Exchange

Updated

This article describes the Intelligence Card Extension for IBM X-Force Exchange. 

Furthermore, X-Force Exchange also has an integration into Recorded Future; select information from a Recorded Future Intelligence Card can be set up to appear within the X-Force Exchange portal.  At the end of this article is a brief description on how to enable this.

About IBM X-Force Exchange

IBM® X-Force Exchange (XFE) is a cloud-based, threat intelligence sharing platform that you can use to rapidly research the latest global security threats, aggregate actionable intelligence, consult with experts and collaborate with peers. IBM X-Force Exchange, supported by human- and machine-generated intelligence, leverages the scale of IBM X-Force to help users stay ahead of emerging threats.
(source: https://exchange.xforce.ibmcloud.com/faq)

You must have an API key in order to use this service.  Please also see the Getting Started With Intelligence Card Extensions page if you're interested in enabling this extension.

This extension offers extension information for the following Intelligence Cards:

  • IP Address
  • Domain
  • Hash
  • Malware
  • Vulnerability

Extending IP Address Cards

You can enrich any IP Address Card with the following threat intelligence from XFE:

  • Risk Score
  • # of Associated Malware
  • Country of origin for the IP Address
  • Categories
  • Subnet Risk Score
  • DNS records
  • WHOIS

Example:

Extending Domain Cards

You can enrich Domain Cards with the following threat intelligence from XFE:

  • Domain Risk Score
  • Categories
  • Public Collections
  • DNS records
  • WHOIS

Example:

Extending Hash Cards

You can enrich any Hash Card with the following threat intelligence from XFE:

  • Hash Type
  • Risk Level
  • Vendor Coverage
  • Malware family
  • Public Collection records

Example:

Extending Malware Cards

You can enrich any Malware card with the following threat intelligence from XFE:

  • Public Collection records
  • Associated Malware samples (up to 200 max)

Example:

Extending Vulnerability Cards

You can enrich any Vulnerability card with the following threat intelligence from XFE:

  • Public Collection records
  • Vulnerability information

Example:

Enabling the Recorded Future Integration within X-Force Exchange

You can enable the Recorded Future integration in X-Force Exchange if you have a Recorded Future API subscription. To turn on the integration, go to your user profile in X-Force Exchange, select "Settings", and then choose "Integrations" from the left menu. When the list of integrations appears, scroll down until you find "Recorded Future". You can enable the integration by entering the Recorded Future API token in the box and enabling the integration. Read more about requesting an API token here.

XFE1.png XFE2.png XFE3.png XFE4.png XFE5.png XFE6.png

More Information:

Detailed docs on the various information fields can be found on XFE's FAQ.

If the extension is returning a "402" error, it may be the case that you have exceeded your monthly API quota with X-Force Exchange.  Please consult this page on the XFE support site.

This content is confidential. Do not distribute or download content in a manner that violates your Recorded Future license agreement. Sharing this content outside of licensed Recorded Future users constitutes a breach of the terms and/or agreement and shall be considered a breach by your organization.
Was this article helpful?
1 out of 1 found this helpful

Articles in this section

See more