IBM Xforce Exchange
App Vendor: IBM
App Category: Data Enrichment & Threat Intelligence
App Version in Orchestrate: 1.0.0
API version: Build 32795
Hostname: https://api.xforce.ibmcloud.com/
Default Port: 443
About App
The IBM X-Force Exchange app allows security teams to integrate with the IBM X-Force Exchange enterprise application, a threat intelligence sharing platform, to enable research on security threats, aggregation of intelligence, and collaboration with peers.
The IBM XForce Exchange app in the Orchestrate application can perform the following actions:
Action Name | Description |
---|---|
Get a report of an IP address | This action can be used to get a report of a particular IP Address from the IBM X-Force Exchange Application. |
Get history of an IP Address | This action can be used to get history of an IP Address from the IBM X-Force Exchange Application. |
Get Malware associated with a family | This action can be used to get details of a Malware associated with the provided family name from the IBM X-Force Exchange Application. |
Get report of a Hash | This action can be used to get a report of a particular Hash from the IBM X-Force Exchange Application. |
Get Malware associated with a URL | This action can be used to get a Malware associated with a URL from the IBM X-Force Exchange Application. |
Get ASN for Networks assigned | This action can be used to get all networks that are assigned to a particular Autonomous System Number (ASN) from the IBM X-Force Exchange Application. |
Get recent Vulnerabilities | This action can be used to get a list of recent vulnerabilities from the IBM X-Force Exchange Application. |
Get a report of URL | This action can be used to get a report of URL (URL, FQDN) from the IBM X-Force Exchange Application. |
Get details of MSID Vulnerability | This action can be used to get details of the vulnerability associated with the particular Microsoft Security Bulletin ID (MSID) from the IBM X-Force Exchange Application. |
Search vulnerabilities | This action can be used to search vulnerabilities in the IBM X-Force Exchange Application. |
Get URL Feeds | This action can be used to get feeds of URL using category and parameter from the IBM X-Force Exchange Application. |
Get details of X-Force DB ID vulnerability | This action can be used to get details of the vulnerability associated with the particular X-Force DB ID from the IBM X-Force Exchange Application. |
Get WHOIS Record | This action can be used to get a particular host name record from the IBM X-Force Exchange Application. |
Get details of STDCODE vulnerability | This action can be used to get details of the vulnerability associated with the particular standard code (STDCODE) from the IBM X-Force Exchange Application. |
Get a list of Malware analysis reports | This action can be used to get a list of Malware analysis reports from the IBM X-Force Exchange Application. |
Get history of a URL | This action can be used to get history of a particular URL (FQDN, URL) from the IBM X-Force Exchange Application. |
Get details of a Malware analysis report | This action can be used to get details of a particular Malware analysis report from the IBM X-Force Exchange Application. |
Get a list of Threat Groups | This action can be used to get a list of Threat Groups (actors) from the IBM X-Force Exchange Application. |
Get details of a Threat Group | This action can be used to get details of a particular Threat Group (actor) from the IBM X-Force Exchange Application. |
Prerequisites
All the actions configured in the IBM XForce Exchange app relate to private APIs. An IBM XForce Exchange Enterprise subscription is required to access the private APIs.
Configuration parameters
The following configuration parameters are required for the IBM XForce Exchange app to communicate with the IBM XForce Exchange Enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
API Key | Enter the API Key. | Text | Required | |
API password | Enter the API password. | Text | Required |
Action: Get a report of an IP address
This action can be used to get a report of a particular IP Address from the IBM X-Force Exchange Application.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
IP address | Enter the IP address. | Text | Required | Allowed networks:
|
Action: Get history of an IP address
This action can be used to get history of an IP Address from the IBM X-Force Exchange Application.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
IP address | Enter the IP address. For example, “192.0.2.1”. | Text | Required | Allowed networks:
|
Example Request
[ { "ip_address": "192.0.2.1" } ]
Action: Get Malware associated with a family
This action can be used to get details of a Malware associated with the provided family name from the IBM X-Force Exchange Application.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
Family name | Enter the Malware family name. For example, "zeus". | Text | Required |
Example Request
[ { "family_name": "zeus" } ]
Action: Get report of a Hash
This action can be used to get a report of a particular Hash from the IBM X-Force Exchange Application.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
Hash value | Enter the Hash Value. | Text | Required |
Action: Get Malware associated with a URL
This action can be used to retrieve a Malware associated with a URL from the IBM X-Force Exchange Application.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
URL | Enter the URL (FQDN). For example, "http://onlinevideoconverter.com" | Text | Required |
Example Request
[ { "url": "http://onlinevideoconverter.com" } ]
Action: Get ASN for Networks assigned
This action can be used to retrieve all networks that are assigned to a particular Autonomous System Number (ASN) from the IBM X-Force Exchange Application.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
ASN number | Enter the ASN number. For example, "ASN5387". | Text | Required |
Example Request
[ { "asn_number": "ASN5387" } ]
Action: Get recent Vulnerabilities
This action can be used to get a list of recent vulnerabilities from the IBM X-Force Exchange Application.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
Additional parameters | Enter the additional parameters in the form of key value pairs. | Key Value | Optional | Allowed parameters:
By default, the value is "limit=10". |
Example Request
[ { "params": { "limit": "10", "startDate": "", "endDate": "", "skip": "2", "descending": "true" } } ]
Action: Get a report of URL
This action can be used to get a report of URL (URL, FQDN) from the IBM X-Force Exchange Application.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
URL | Enter the URL (FQDN). For example, "http://onlinevideoconverter.com" | Text | Required |
Example Request
[ { "url": "http://gdcbghvjyqy7jclk.onion.top" } ]
Action: Get details of MSID Vulnerability
This action can be used to get details of the vulnerability associated with the particular Microsoft Security Bulletin ID (MSID) from the IBM X-Force Exchange Application.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
Microsoft Security Bulletin ID | Enter the Microsoft Security Bulletin ID (MSID). | Text | Required |
Action: Search vulnerabilities
This action can be used to search vulnerabilities in the IBM X-Force Exchange Application.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
Search query | Enter the search query. For example, "Exploit" | Text | Required | |
Additional parameters | Enter the additional parameters in the form of key value pairs. | Key Value | Optional | Allowed values:
|
Example Request
[ { "query": "Exploit", "extra_params": { "startDate": "2012-09-27", "endDate": "2012-11-27", "bookmark": "3" } } ]
Action: Get URL Feeds
This action can be used to get feeds of URL using category and parameter from the IBM X-Force Exchange Application.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
Category | Enter the category. | Text | Required | Allowed values:
|
Additional parameters | Enter the additional parameters in the form of key value pairs. | Key Value | Optional | Allowed values:
By default, the value is "limit=10" |
Example Request
[ { "params": { "startDate": "2012-09-27", "endDate": "2012-09-27", "skip": "2", "limit": "10", "descending": "true" }, "category": "Malware" } ]
Action: Get details of X-Force DB ID vulnerability
This action can be used to retrieve details of the vulnerability associated with the particular X-Force DB ID from the IBM X-Force Exchange Application.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
X-Force DB ID | Enter the XFDB ID (X-Force DB ID). | Text | Required |
Action: Get WHOIS Record
This action can be used to get a particular host name record from the IBM X-Force Exchange Application.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
Host name | Enter the host name. For example, “cyware”. | Text | Required |
Example Request
[ { "hostname": "cyware" } ]
Action: Get details of STDCODE vulnerability
This action can be used to get details of the vulnerability associated with the particular standard code (STDCODE) from the IBM X-Force Exchange Application.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
Standard Vulnerability Code | Enter the standard code for vulnerability (STDCODE). | Text | Required |
Action: Get a list of Malware analysis reports
This action can be used to get a list of Malware analysis reports from the IBM X-Force Exchange Application.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
Additional parameters | Enter the additional parameters in the form of key value pairs. | Key Value | Optional | Allowed values:
By default, the value is "limit=10, offset=0" |
Example Request
[ { "extra_params": { "limit": "10", "offset": "0" } } ]
Action: Get history of a URL
This action can be used to get history of a particular URL (FQDN, URL) from the IBM X-Force Exchange Application.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
URL | Enter the URL (FQDN). For example, "http://onlinevideoconverter.com" | Text | Required |
Example Request
[ { "url": "http://onlinevideoconverter.com" } ]
Action: Get details of a Malware analysis report
This action can be used to get details of a particular Malware analysis report from the IBM X-Force Exchange Application.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
Report ID | Enter the Report ID. | Text | Required |
Action: Get a list of Threat Groups
This action can be used to get a list of Threat Groups (actors) from the IBM X-Force Exchange Application.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
Additional parameters | Enter the additional parameters in the form of key value pairs. | Key Value | Optional | Allowed values:
By default, the additional parameter values are "limit=10, offset=0" |
Example Request
[ { "extra_params": { "limit": "10", "offset": "0" } } ]
Action: Get details of a Threat Group
This action can be used to get details of a particular Threat Group (actor) from the IBM X-Force Exchange Application.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
Threat Group ID | Enter the Threat Group ID. | Text | Required |
Action: Get early warning feeds
This action can be used to get a feed of domains from the early warning feed of the IBM X-Force Exchange Application.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
Additional parameters | Enter the additional parameters in the form of key value pairs. | Key Value | Optional | Allowed values:
By default, the data of the last 24 hours is fetched. |
Example Request
[ { "extra_params": { "endDate": "2012-10-27", "startDate": "2012-09-27" } } ]
Action: Get DNS record
This action can be used to retrieve DNS information for a host name (IP address, FQDN) from the IBM X-Force Exchange Application.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
Host name | Enter the Host name. For example, “cyware.com” | Text | Required |
Example Request
[ { "hostname": "cyware.com" } ]
Action: Get IP address feeds
This action can be used to get a feed of IP addresses based on the category and parameters from the IBM X-Force Exchange Application.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
Category | Enter the category. | Text | Required | Allowed values:
|
Additional parameters | Enter the additional parameters in the form of key value pairs. | Key Value | Optional | Allowed values:
By default, the limit is "10". |
Example Request
[ { "params": { "startDate": "", "endDate": "", "descending": "true", "skip": "3", "limit": "10" }, "category": "Malware" } ]