Frequently asked questions

Get answers to the most commonly asked questions about this product.

IBM® X-Force® Exchange is a cloud-based threat intelligence platform that allows you to consume, share, and act on threat intelligence. It enables you to rapidly research the latest global security threats, aggregate actionable intelligence, consult with experts, and collaborate with peers.

Find out more

The X-Force Exchange provides a combination of observables and indicators including vulnerabilities, malware, malware families, IP reputation, URL reputation, Web applications, pDNS, Whois information, malicious domains, and higher-order intelligence like actors, campaigns, incidents, and TTPs.

The X-Force threat intelligence sources its data from IBM-developed infrastructure and databases, open-source intelligence, commercial sources, deep web, and partnerships with third part sources.

The IBM X-Force Exchange Commercial API provides programmatic access to external threat intelligence to help contextualize security events. As a companion offering to the IBM X-Force Exchange collaborative platform, this API uses open standards to help speed time to action.

Find out more

IBM X-Force threat intelligence can be integrated into existing security solutions via a RESTful API, including STIX over TAXII protocols to incorporate structured and unstructured data.

IBM X-Force Exchange SDK delivers and maintains a set of threat intelligence data focused on the areas of URL filtering, IP reputation and web application profiles. This SDK uses a web filter database to provide accurate analysis and it provides an API to facilitate integration.

The Early Warning Feed is designed to help you stay ahead of threat with timely and actionable information on malicious domains, including deep-dive lifecycles on these domains and volumetric data on their activity.

Find out more

The Early Warning Feed is designed for security professionals looking to identify malicious domains as early as possible to protect their organization from attacks that primarily exploit the domain name service (DNS), such as Phishing, Domain Generation Algorithms (DGA), Tunneling, and Squatting.

Find out more

The X-Force IRIS Premium Threat Intelligence Reports are curated and published by the IBM X-Force Incident Response and Intelligence Services (IRIS) team. There are four types of reports including Threat Activity, Malware Analysis, Threat Group, and Industry Analysis.

The Advanced Threat Protection Feed is a machine-readable threat intelligence feed that integrates with your security tools such as Firewalls, Intrusion Prevention Systems, and SIEMs. It provides you with programmatic access to actionable indicators categorized by our X-Force team.

Threat intelligence is a compilation of threat information that is gathered across external sources. Threat data is organized, refined, and augmented to make it actionable and allow your cybersecurity team to understand threats and the actors behind them, to prevent and mitigate cyber-attacks.

Find out more

Threat intelligence empowers cybersecurity teams to proactively defend against threats and rapidly respond to threats attacking their organization. It also provides information to identify and understand their adversary, create a response plan, and allocate resources strategically.

Find out more

Threat intelligence is valuable across the different members of the security operations center (SOC). From real-time blocking for tier 1 analysts to aiding investigation and threat hunting for more experienced analysts, to helping SOC leaders make strategic decisions.

Find out more

The Domain Name System (DNS) is the protocol that translates user-friendly domain names that people can remember, to computer-friendly IP addresses.

Find out more

Quad9, a partnership between IBM, Packet Clearing House and Global Cyber Alliance, is a recursive DNS platform that blocks against malicious domains, preventing your computers and IoT devices from connecting to malware or phishing sites.

Find out more

The X-Force Incident Response and Intelligence Services, know as X-Force IRIS, is a group of experts with the skills, expertise, and insight to help your company transform your incident response and intelligence capabilities.

Find out more

You can find additional information and support documentation via the Swagger framework platform, which provides interactive documentation and evaluation of the RESTful API in the deployment environment.

Find out more

The Early Warning Feed is available through the Enterprise edition of the X-Force Exchange Commercial API. If you are interested in pricing information, you can contact one of our sales representatives through the “Let’s talk” chat or call us at 1 887-257-5227.

The X-Force IRIS Premium Threat Intelligence Reports is available through the Enterprise edition of the X-Force Exchange Commercial API. If you are interested in pricing information, you can contact one of our sales representatives through the “Let’s talk” chat or call us at 1 887-257-5227.

It includes actionable indicators from threat categories, like C2 servers, Bots, Malware sources, Phishing domains, Anonymization Services, Scanning IPs, Crypto-currency Miners, X-Force IRIS curated indicators, and a Whitelist of high frequency and benign endpoints.

An indicator is classified as actionable when it is associated with a specific threat category and an actionable score (>=5.0). X-Force’s actionable threat intelligence exhibits a 99.97% detection rate, accompanied by a 0.003% false positive rate as tested by external parties.

The Advanced Threat Protection Feed delivers machine readable lists of actionable indicators that can be consumed directly by your security tools. The Commercial API provides a research platform for exploring all indicators, reports, and advisories from the X-Force Exchange.

Buy now and get started