IBM X-Force 1.1.1
  • 02 Apr 2025
tags: python

Description

The IBM X-Force integration supports CDC users by letting them query the range of threat information held by IBM X-Force, including IPs, URLs and hashes, through its REST API, so that CDC users can make informed decisions during incident response.

IBM X-Force provides access to external threat intelligence to help contextualize security events. The IBM X-Force Exchange API allows security teams to enrich their existing tools in real time to enable fast analysis and automate responses.

We use custom adaptive cards to present large amounts of threat data in a meaningful, intuitive GUI, making complex threat intelligence easier to understand.

Through command-line or automated enrichments, detailed Indicators of Compromise and other threat-indicator information about a hash, IP or URL feed are obtained for the individual query parameters provided. The Threat Indicator Feed option returns a complete threat-analysis report for the provided feed value.

* **Integration Type:** Enrichment
* **Information read:** Threat intelligence information based on the provided input parameters
* **API Supported:** API v1.0
* **Input:** Hash / IP / URL
* **Output:** Detailed enrichment consisting of IOCs and other threat-indicator information related to the provided input parameters.

CDC Command Lines

* **enrich_filehash_cli**
Get information from X-Force about a file content.

| Option | Type | Description | Required |
|---|---|---|---|
| filehash | string | The file hash to enrich. | True |

* **enrich_ip_cli**
Get information from X-Force about a given IP address.

| Option | Type | Description | Required |
|---|---|---|---|
| ip | string | IPv4 or IPv6 address. | True |

* **enrich_url_cli**
Get information from X-Force about a given web URL.

| Option | Type | Description | Required |
|---|---|---|---|
| url | string | The web URL to enrich. | True |
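The three command lines above each take one indicator type. The following is an added example (not the integration's own code, and not IBM's) of the front half of such an enrichment in Python: validate and classify the argument as a file hash, IP address or URL, build the authenticated X-Force Exchange request, and reduce a report to the fields an adaptive card would show. The base URL, report paths (`/malware/`, `/ipr/`, `/url/`), HTTP Basic authentication with key and password, the response field names and the risk thresholds are all assumptions that are not stated on this page; the sample reports are constructed so the code runs offline without sending anything.

```python
import base64
import ipaddress
import re
import urllib.parse
import urllib.request

# Assumed base URL and report paths for the X-Force Exchange REST API v1.0. The page
# does not state them; confirm against the X-Force Exchange API reference before use.
XFORCE_BASE = "https://api.xforce.ibmcloud.com"
REPORT_PATHS = {"filehash": "/malware/", "ip": "/ipr/", "url": "/url/"}

HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")


def classify_indicator(value: str) -> str:
    """Map a raw CLI argument to one of the three enrich_* commands.

    Returns 'filehash', 'ip' or 'url'; raises ValueError when the input
    fits none of them, so a bad argument fails before any API call.
    """
    v = value.strip()
    if len(v) in HASH_LENGTHS and HEX_RE.match(v):
        return "filehash"
    try:
        ipaddress.ip_address(v)  # accepts both IPv4 and IPv6
        return "ip"
    except ValueError:
        pass
    parsed = urllib.parse.urlparse(v if "://" in v else "http://" + v)
    if parsed.netloc and "." in parsed.netloc:
        return "url"
    raise ValueError(f"not a file hash, IP address or URL: {value!r}")


def build_request(kind: str, value: str, api_key: str, api_password: str) -> urllib.request.Request:
    """Build (but do not send) the GET request for one indicator.

    Assumes HTTP Basic auth with the API key as user name and the API
    password as password; the indicator is percent-encoded into the path.
    """
    path = REPORT_PATHS[kind] + urllib.parse.quote(value.strip(), safe="")
    token = base64.b64encode(f"{api_key}:{api_password}".encode()).decode()
    return urllib.request.Request(
        XFORCE_BASE + path,
        headers={"Authorization": "Basic " + token, "Accept": "application/json"},
    )


def risk_label(score) -> str:
    """Bucket a 1-10 risk score for display (thresholds are our assumption)."""
    if score is None:
        return "unknown"
    if score >= 7:
        return "high"
    if score >= 4:
        return "medium"
    return "low"


def summarize(kind: str, report: dict) -> dict:
    """Reduce a raw report to the few fields an analyst needs first.

    Field names follow the constructed samples below; real responses may
    carry more (or differently nested) keys, so every lookup is defensive.
    """
    if kind == "ip":
        return {
            "indicator": report.get("ip"),
            "score": report.get("score"),
            "risk": risk_label(report.get("score")),
            "categories": sorted(report.get("cats", {})),
            "country": report.get("geo", {}).get("country"),
        }
    if kind == "url":
        result = report.get("result", {})
        return {
            "indicator": result.get("url"),
            "score": result.get("score"),
            "risk": risk_label(result.get("score")),
            "categories": sorted(result.get("cats", {})),
        }
    malware = report.get("malware", {})
    return {
        "indicator": malware.get("md5") or malware.get("sha256"),
        "risk": malware.get("risk", "unknown"),
        "family": sorted(malware.get("family", [])),
    }


# Constructed sample reports (not real X-Force output) so the code runs offline.
SAMPLE_IP_REPORT = {
    "ip": "203.0.113.7",
    "score": 8.5,
    "cats": {"Scanning IPs": 71, "Botnet Command and Control Server": 57},
    "geo": {"country": "Example Land"},
}
SAMPLE_HASH_REPORT = {
    "malware": {"md5": "d41d8cd98f00b204e9800998ecf8427e", "risk": "high", "family": ["TestFamily"]},
}


def demo() -> dict:
    """Full path for the sample IP: classify, build the request, summarize."""
    kind = classify_indicator(SAMPLE_IP_REPORT["ip"])
    req = build_request(kind, SAMPLE_IP_REPORT["ip"], "KEY_PLACEHOLDER", "PASSWORD_PLACEHOLDER")
    summary = summarize(kind, SAMPLE_IP_REPORT)
    summary["request_url"] = req.full_url  # nothing is sent in this example
    return summary


if __name__ == "__main__":
    print(demo())
```

Classifying before building the request is what keeps a mistyped argument from becoming a malformed (and billable) API call; in a real deployment the key and password would come from the platform's secret store rather than from literals.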

Workflows

* **post_enrich_filehash**
Post enrich-filehash in CDC by ID of incident/message/channel.

* **post_enrich_ip**
Post enrich-ip in CDC by ID of incident/message/channel.

* **post_enrich_url**
Post enrich-url in CDC by ID of incident/message/channel.


Rules

No rules


Sensors

No sensors


Triggers

No triggers


Known Issues
