IBM XFORCE RESPONSE INTEGRATION

Overview

 

IBM X-Force Exchange is a threat intelligence sharing platform that you can use to research security threats, to aggregate intelligence, and to collaborate with peers.

Prerequisites

  • Logsign 6.3.+ versions support this integration.

Configure On IBM XForce

Forwarding settings are completed as follows:

 

  1. Navigate to the X-Force Threat Intelligence SaaS offerings page on the IBM website.
  2. Log in or create an IBM ID to sign up for a 30-day trial.
  3. After you submit your request for the 30-day trial, you will receive a token and will need to verify your account.
  4. After verification, log in to X-Force Exchange and follow the steps below to generate a new API Key and Password:
  • View your Profile summary by clicking the User icon in the top right-hand corner of the X-Force Exchange Home Page.
  • Click the Settings link in the lower left corner to view the Settings page, then click the API Access link on the Settings page to view the API details page.
  • Click the Generate button to create a new API Key and Password.

  • Once you generate your password, make sure to save it, as it is only shown when the key/password pair is generated. When you revisit your profile, only the key is shown.
  • While a trial will expire in 30 days, API keys and passwords do not expire. If you forget your password, you can generate a new API key/password pair.
  • Do not share your API key; it is specific to your ID.
  • The X-Force Exchange API only allows HTTPS connections that support TLS protocol version 1.2 or newer. All other connections will be rejected.

 

Configure On Logsign

Forwarding settings are completed as follows:

 

  1. Click Settings > Integrations > Responses.
  2. In the ‘Search’ field, type IBM XForce.
  3. Click ‘Configure’ and then click ‘+Device’.
  4. Define the settings as follows:
  • Device Name: Define the Device Name.
  • Api Key: Specify the API key.
  • Password: Define the password.
  5. Click Test and then Create to save the changes.

Methods

IP-REPUTATION

 

  • Device: Select the device configuration you created.
  • Ip: Define the IP address whose reputation you want to query.

GET-MALWARE-HASH

 

  • Device: Select the device configuration you created.
  • File-Hash: Define the file hash you want to check for malware.

GET-URL-REPORT

 

  • Device: Select the device configuration you created.
  • Url: Define the URL whose reputation you want to query.
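
To check a key/password pair and the TLS 1.2 requirement outside Logsign, the following added example (not Logsign or IBM code) builds requests for the same three lookups in Python, validating each indicator first so that internal addresses are not sent to an external service. The base URL and the /ipr, /malware and /url paths are assumptions not stated on this page, and build_request, tls12_context and send are hypothetical helper names.

```python
import base64
import ipaddress
import re
import ssl
import urllib.parse
import urllib.request

# Assumption: public X-Force Exchange API base URL and paths (not given on this page).
BASE = "https://api.xforce.ibmcloud.com"
HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$")  # MD5, SHA-1, SHA-256


def build_request(method, value, api_key, password):
    """Validate the indicator and return a urllib Request using HTTP Basic auth."""
    value = value.strip()
    if method == "IP-REPUTATION":
        ip = ipaddress.ip_address(value)  # raises ValueError on malformed input
        if not ip.is_global:
            raise ValueError("refusing to send a non-public address to an external service")
        path = "/ipr/" + str(ip)
    elif method == "GET-MALWARE-HASH":
        value = value.lower()
        if not HASH_RE.match(value):
            raise ValueError("expected an MD5, SHA-1 or SHA-256 hex digest")
        path = "/malware/" + value
    elif method == "GET-URL-REPORT":
        if not urllib.parse.urlsplit(value).hostname:  # requires scheme://host
            raise ValueError("URL has no host")
        path = "/url/" + urllib.parse.quote(value, safe="")
    else:
        raise ValueError("unknown method: " + method)
    token = base64.b64encode(f"{api_key}:{password}".encode()).decode()
    return urllib.request.Request(BASE + path, headers={
        "Authorization": "Basic " + token, "Accept": "application/json"})


def tls12_context():
    """Certificate-verifying context that refuses anything older than TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def send(req, timeout=10):
    """Perform the lookup; needs network access and a valid key/password pair."""
    with urllib.request.urlopen(req, timeout=timeout, context=tls12_context()) as resp:
        return resp.status, resp.read()
```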
