Skip to main content

Cyware Threat Intelligence eXchange

IBM X-Force

Connector Category: Enrichment Tool

About Integration

IBM X-Force is a cloud-based threat intelligence-sharing platform that helps you monitor and analyze security issues by gathering intel from various sources. Intel Exchange integrates with IBM X-Force to enrich domains, IP addresses, vulnerabilities, and hashes.

Configure IBM X-Force as an Enrichment Tool

Configure IBM X-Force to enrich domain, IP addresses, vulnerabilities, and hashes.

Before you Start 

  • Ensure you have view, update, and create permissions for Enrichment Tools.

  • Ensure you have the base URL, API key, and API password of your IBM X-Force account.

    Note

    Ensure that the API key includes the permissions to retrieve domains, IP addresses, vulnerabilities, and hashes.

Steps 

To configure IBM X-Force as an enrichment tool in Intel Exchange, follow these steps:

  1. Sign in to Intel Exchange, and go to Administration > Enrichment Management > Enrichment Tools.

  2. Search and select the IBM X-Force enrichment tool.

  3. Click Add Account.

  4. Enter the following details:

    • Account Name: Enter a unique account name to identify the instance. For example, X-Force Enrichment.

    • Base URL: Enter the base URL of your IBM X-Force instance. The default base URL is https://api.xforce.ibmcloud.com.

    • API Key: Enter the API key of your IBM X-Force account.

    • API Password: Enter the API password to authenticate communication between the Intel Exchange and IBM X-Force servers.

    • Verify SSL: Select Verify SSL to verify the SSL certificate and secure the connection between the Intel Exchangeand IBM X-Force servers. By default, Verify SSL is selected.

      Note

      We recommend you enable Verify SSL. If you disable this option, Intel Exchange may configure an instance for an expired SSL certificate. This may not establish the connection properly and Intel Exchange will not be able to notify you in case of a broken or improper connection.

  5. Click Save.

After adding an account successfully, you can view and enable the IP, domain, vulnerability, and URL feed enrichment types. Additionally, you can configure Quota to restrict the number of enrichment requests sent from Intel Exchange to IBM X-Force. After the quota expires, you cannot make enrichment requests until the quota resets for the next quota duration. For more information, see Define Quota in Configure Enrichment Tools.

To understand the number of API calls and quota units consumed by the IBM X-Force enrichment tool per poll, refer to the following table.

Enrichment Tool

Feed Enrichment Type

No. of API calls

Quota Consumed

IBM X-Force

Retrieve Domain Detail

2

2

Retrieve Hash Detail

1

1

Retrieve IP Detail

2

2

Retrieve Vulnerability Detail

1

1

You can configure an enrichment policy to automatically enrich threat data objects using the IBM X-Force enrichment tool. For more information, see Configure Enrichment Policy.Configure Enrichment Policy