Viewing Advanced Threat Protection Feeds

The IBM Advanced Threat Protection Feed by X-Force Exchange delivers a defined set of actionable indicators for direct ingestion into security tools and solutions. You can view, search, and update the Advanced Threat Protection Feeds.

About this task

The feed provides access to the following information:

  • Actionable indicators of compromise, such as IP addresses and HTTP URLs
  • Analyst-derived indicators of compromise
  • Domain Name Service (DNS) early warning indicators

Procedure

  1. From the navigation menu on the Threat Intelligence dashboard, click the Advanced Threat Protection Feed icon (Icon for app settings).
  2. From the Group IBM Advanced Threat Protection Feed by list, make a selection to rearrange the grouping type.
    For a selected feed group, click the expand arrow and manage your feed subscriptions. You can also download all the available feeds for the group from the X-Force Exchange.
  3. From the Sort IBM Advanced Threat Protection Feed by list, make a selection to rearrange the sorting order.
  4. You can click the name of the Reference Set to view the Reference Set Editor window.
  5. Click the Download now icon (Icon for download) on a card to retrieve the most recent updates from the X-Force Exchange.
  6. Click View result Icon for View Result in the Total Indicator Count card tile to see the scanning results in Long Activity or Network Activity for the selected threat feed in IBM® QRadar®.
    Note: You must install the Advanced Threat Protection Feed (ATPF) license to use this function.