How IBM X-Force Exchange works
Access to a wealth of threat intelligence data
IBM X-Force Exchanges provides an open platform that adds context to indicators of compromise (IOC) with a mix of human-and machine-generated insights. It offers timely threat intelligence that is dynamically updated every minute. The software delivers web threat monitoring of over 25 billion web pages and is supported by a database of over 96,000 vulnerabilities. It offers deep intelligence on millions of spam and phishing attacks and monitors reputation data with malicious IP addresses.
Collaborative platform for sharing threat intelligence
You can connect with industry peers to validate findings, share a collection of IOC to aid in forensic investigations, or add context to threats through peer collaboration via private groups and shared collections.
Integrated solution to help quickly stop threats
The solution is designed for third-party integration with support for Structured Threat Information Expression (STIX) and Trusted Automated Exchange of Indicator Information (TAXII)—the established standards for automated threat intelligence sharing. It allows for integration between IBM Security products and X-Force Exchange-sourced actionable intelligence. Application programming interface (API) enables you to connect threat intelligence to security products.
Easy-to-use interface for organizing and annotating findings
Once a report is created, users can add comments to provide additional insight and context for other users or add the report to a Collection. Users can also provide feedback to the X-Force team to trigger an analysis of the specific report, which can lead to content updates. Setting custom notifications and watchlists enables users to receive relevant advisories on their areas of interest.
Monitor applicable indicators with watchlists
You can research indicators of compromise, conduct security investigations and watch for vulnerabilities on target technologies in your infrastructure just by maintaining a list of keywords or products to monitor. If new vulnerabilities are disclosed that match keywords or products on your watchlist, you will be automatically notified. To help take action on these vulnerabilities, you can add them to a Collection and import it into your SIEM, either via the API or using STIX/TAXII protocols.
Add third-party threat intelligence licenses to the platform
The Threat Feed Manager within X-Force Exchange simplifies the task of getting data out of various sources and into one view. You can enable those third-party threat intelligence sources directly on the platform by providing the credentials for those providers, and the platform will then integrate the data into X-Force Exchange directly.
Get the latest actionable threat research from IBM X-Force
The IBM X-Force research team constantly adds new intelligence for malware campaigns and new threat vectors via public Collections. These collections are curated by X-Force security experts to add human context to indicators of compromise on the platform. Details include TLP ratings, timeframes, target regions, campaign details and links to related references to learn more. Users can follow the collection to be notified of updates as new information becomes available.