Overview
IBM X-Force Exchange is a threat intelligence sharing platform that you can use to research security threats, to aggregate intelligence, and to collaborate with peers.
Prerequisites
- Logsign 6.3.+ versions support this integration.
Configure On IBM X-Force
Complete the following steps on the IBM X-Force Exchange side:
- Navigate to the X-Force Threat Intelligence SaaS offerings page on the IBM website.
- Log in or create an IBM ID to sign up for a 30-day trial.
- After you submit your request for the 30-day trial, you will receive a token and will need to verify your account.
- After verification, log in to X-Force Exchange and follow the steps below to generate a new API Key and Password:
  - View your Profile summary by clicking the User icon in the top right-hand corner of the X-Force Exchange Home Page.
  - Click the Settings link in the lower left corner to view the Settings page, then click the API Access link in the Settings page to view the API details page.
  - Click the Generate button to create a new API Key and Password.
- Once you generate your password, make sure to save it, as it is only shown when the key/password pair is generated. When you revisit your profile, only the key is shown.
- While a trial will expire in 30 days, API keys and passwords do not expire. If you forget your password, you can generate a new API key/password pair.
- Please do not share your API key; it is specific to your ID.
- The X-Force Exchange API only allows HTTPS connections that support TLS protocol version 1.2 or newer. All other connections will be rejected.
Configure On Logsign
Complete the integration settings as follows:
- Click Settings > Integrations > Responses.
- In the ‘Search’ field, type IBM XForce.
- Click ‘Configure’ and then click ‘+Device’.
- Define the settings as follows:
  - Device Name: Define the Device Name.
  - Api Key: Specify the API key generated on X-Force Exchange.
  - Password: Define the password generated together with the API key.
- Click Test and then Create to save the changes.
Methods
IP-REPUTATION
- Device: Select the configuration you have configured.
- Ip: Define the IP address whose reputation you want to query.
GET-MALWARE-HASH
- Device: Select the configuration you have configured.
- File-Hash: Define the file hash you want to check for malware.
GET-URL-REPORT
- Device: Select the configuration you have configured.
- Url: Define the URL whose reputation you want to query.
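
To check a key/password pair outside Logsign (for example when Test fails), the following added example, which is not Logsign or IBM code, builds the three lookups above as direct HTTPS requests with the API key and password sent as HTTP Basic credentials and TLS below 1.2 refused. The base URL, endpoint paths and accepted hash lengths are assumptions taken from IBM's public API documentation, not from this page.

```python
import base64
import ipaddress
import re
import ssl
import urllib.parse
import urllib.request

# Assumption: base URL and paths follow IBM's public X-Force Exchange API
# documentation; they are not stated on this page.
BASE_URL = "https://api.xforce.ibmcloud.com"
# Assumption: MD5, SHA-1 and SHA-256 hex digests are accepted.
HASH_RE = re.compile(r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$")


def tls_context():
    """Default certificate verification, refusing anything below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def build_request(method, value, api_key, password):
    """Validate the indicator and return an authenticated GET request."""
    if method == "IP-REPUTATION":
        path = "/ipr/" + str(ipaddress.ip_address(value))  # ValueError if not an IP
    elif method == "GET-MALWARE-HASH":
        if not HASH_RE.match(value):
            raise ValueError("expected an MD5, SHA-1 or SHA-256 hex digest")
        path = "/malware/" + value.lower()
    elif method == "GET-URL-REPORT":
        if urllib.parse.urlsplit(value).scheme not in ("http", "https"):
            raise ValueError("expected an http(s) URL")
        path = "/url/" + urllib.parse.quote(value, safe="")
    else:
        raise ValueError("unknown method: " + method)
    # The key/password pair is sent as HTTP Basic credentials.
    token = base64.b64encode(f"{api_key}:{password}".encode()).decode()
    return urllib.request.Request(
        BASE_URL + path,
        headers={"Authorization": "Basic " + token, "Accept": "application/json"},
    )


def query(method, value, api_key, password, timeout=10):
    """Send the request; raises urllib.error.HTTPError on 401/403/404."""
    req = build_request(method, value, api_key, password)
    with urllib.request.urlopen(req, timeout=timeout, context=tls_context()) as resp:
        return resp.read().decode()
```

Read the key and password from a secrets store or environment variables rather than hard-coding them; a 401 response from `query` points to a wrong or regenerated key/password pair.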