This article describes the Intelligence Card Extension for IBM X-Force Exchange.
X-Force Exchange also has an integration with Recorded Future: select information from a Recorded Future Intelligence Card can be set up to appear within the X-Force Exchange portal. The end of this article briefly describes how to enable this.
About IBM X-Force Exchange
IBM® X-Force Exchange (XFE) is a cloud-based, threat intelligence sharing platform that you can use to rapidly research the latest global security threats, aggregate actionable intelligence, consult with experts and collaborate with peers. IBM X-Force Exchange, supported by human- and machine-generated intelligence, leverages the scale of IBM X-Force to help users stay ahead of emerging threats.
(source: https://exchange.xforce.ibmcloud.com/faq)
You must have an API key in order to use this service. Please also see the Getting Started With Intelligence Card Extensions page if you're interested in enabling this extension.
This extension adds information to the following Intelligence Cards:
- IP Address
- Domain
- Hash
- Malware
- Vulnerability
Extending IP Address Cards
You can enrich any IP Address Card with the following threat intelligence from XFE:
- Risk Score
- # of Associated Malware
- Country of origin for the IP Address
- Categories
- Subnet Risk Score
- DNS records
- WHOIS
Extending Domain Cards
You can enrich Domain Cards with the following threat intelligence from XFE:
- Domain Risk Score
- Categories
- Public Collections
- DNS records
- WHOIS
Extending Hash Cards
You can enrich any Hash Card with the following threat intelligence from XFE:
- Hash Type
- Risk Level
- Vendor Coverage
- Malware family
- Public Collection records
Extending Malware Cards
You can enrich any Malware Card with the following threat intelligence from XFE:
- Public Collection records
- Associated Malware samples (up to 200)
Extending Vulnerability Cards
You can enrich any Vulnerability Card with the following threat intelligence from XFE:
- Public Collection records
- Vulnerability information
Enabling the Recorded Future Integration within X-Force Exchange
You can enable the Recorded Future integration in X-Force Exchange if you have a Recorded Future API subscription. To turn on the integration, go to your user profile in X-Force Exchange, select "Settings", and then choose "Integrations" from the left menu. When the list of integrations appears, scroll down until you find "Recorded Future". Enter your Recorded Future API token in the box, then enable the integration. Read more about requesting an API token here.
More Information:
Detailed docs on the various information fields can be found on XFE's FAQ.
If the extension returns a "402" error, you may have exceeded your monthly API quota with X-Force Exchange. Please consult this page on the XFE support site.