IBM® X-Force® Exchange is a cloud-based threat intelligence platform that allows you to consume, share and act on threat intelligence. It enables you to rapidly research the latest global security threats, aggregate actionable intelligence, consult with experts and collaborate with peers. IBM X-Force Exchange, supported by human and machine-generated intelligence, leverages the scale of IBM X-Force to help users stay ahead of emerging threats.
Read the X-Force® Threat Intelligence Index Report to understand the current threat landscape.
Explore the features of our comprehensive threat intelligence offerings
This cloud-based threat intelligence platform allows you to consume, share and act on threat intelligence. It enables you to rapidly research the latest global security threats, aggregate actionable intelligence, consult with experts and collaborate with peers.
This feed is designed to help you monitor and protect your environment efficiently. It provides you with machine-readable, actionable indicators that directly integrate with your security tools—firewalls, intrusion prevention systems and SIEM—through open standards.
This API provides programmatic access to external threat intelligence to help contextualize security events. As a companion offering to the IBM X-Force Exchange collaborative platform, the API uses open standards to help speed time to action.
This feed is designed to give you early warning on hundreds of new malicious domains surfaced daily through IBM's collaboration with Quad9. The unique content is available through the Advanced Threat Protection Feed and the X-Force Exchange Commercial API.
These reports provide timely access to contextual threat intelligence published and curated by the X-Force team and available through the X-Force Exchange Commercial API. There are four categories of reports, including Threat Activity, Malware, Threat Group Profiles, and Industry Analysis.
Learn about threat intelligence use cases that leverage malicious domains to detect, respond and anticipate DNS attacks.
Discover how IBM's curation and dissemination of threat intelligence can help your team research threats and collaborate.
Uncover the value of threat intelligence by framing it from the unique perspective of four roles in the typical enterprise.
X-Force is a threat-centric team of hackers, responders, researchers and analysts with decades of experience. Our portfolio includes offensive and defensive products and services, fueled by a 360-degree view of threats. With a deep understanding of how threat actors think, strategize and strike, our team knows how to prevent, detect, respond to, and recover from incidents so that you can focus on business priorities.
Threat intelligence is a compilation of threat information that is gathered across external sources and used to prevent and mitigate cyberattacks. Threat data is organized, refined and augmented to make it actionable and to allow your cybersecurity team to understand threats and the actors behind them.
The X-Force® Threat Intelligence team delivers global threat intel applied to your security operations with detection and response content. We help streamline workflow, orchestration and applications that drive enrichment, collaboration, visualization and advanced analytics, providing:
Threat intelligence empowers cybersecurity teams to proactively defend against and rapidly respond to threats attacking their organization by helping them identify and understand their adversary, create a response plan and allocate resources strategically. Cybersecurity teams can use threat intelligence to block attacks in real time and mitigate the risk of attackers affecting their brand and reputation.
Threat intelligence is purposely built by industry experts from a wide range of backgrounds, including former government intelligence analysts, SOC analysts and private industry consultants. The team’s founding principles include strict analytic rigor, correct analysis and reproducible assessments.
X-Force Threat Intelligence uses industry best practice frameworks such as:
Threat intelligence is valuable to different members across the security operations center (SOC), from enabling real-time blocking for tier 1 analysts, to aiding investigation and threat hunting for more experienced analysts, to helping SOC leaders make strategic decisions.
There are 5 types of premium reports published as premium content in the X-Force® Exchange platform:
The Domain Name System (DNS) is the protocol that translates user-friendly domain names that people can remember to computer-friendly IP addresses.
Quad9, a partnership between IBM, Packet Clearing House and Global Cyber Alliance, is a recursive DNS platform that blocks malicious domains to prevent your computers and IoT devices from connecting to malware or phishing sites.
IBM Security® X-Force® Research is a group of experts with the skills, expertise and insight to help your company transform your incident response and intelligence capabilities. We look across cybersecurity threat research on vulnerabilities, threat actors, malware and more, including data from recent industry reports and intel from the experts at IBM Security X-Force.
The X-Force Threat Intelligence portfolio supports 5 product offerings:
Each offering provides continuous threat intelligence in the form of machine-generated or human-generated intelligence and serves distinct use cases depending on customer needs.
Each year, IBM Security X-Force—our in-house team of cybersecurity experts and remediators—mines billions of data points to expose today’s most urgent security statistics and trends.
IBM Security’s latest research is published in the annual X-Force Threat Intelligence Index, a comprehensive overview of the global threat landscape based on data collected throughout the previous year.
You can find additional information and support documentation on the Swagger framework platform, which provides interactive documentation and evaluation of the RESTful API in the deployment environment.
The Early Warning Feed is available through the Enterprise edition of the X-Force Exchange Commercial API. If you are interested in pricing information, you can contact one of our sales representatives through the “Let’s talk” chat or call us at 1 887-257-5227.
The X-Force Premium Threat Intelligence Reports are available through the Enterprise edition of the X-Force Exchange Commercial API. If you are experiencing an incident, contact X-Force to help: US hotline 1-888-241-9812; Global hotline (+001) 312-212-8034.
The X-Force Exchange provides a combination of observable indicators including vulnerabilities, malware, malware families, IP reputation, URL reputation, web applications, pDNS, WHOIS information, malicious domains, and higher-order intelligence such as actors, campaigns, incidents and TTPs. X-Force Threat Intelligence provides curated analysis of threats, groups, malware and industries.
X-Force Threat Intelligence data is sourced from IBM-developed infrastructure and databases, open-source intelligence, commercial sources, the deep web, and partnerships with third-party sources.
The IBM X-Force Exchange Commercial API provides programmatic access to external threat intelligence to help contextualize security events. As a companion offering to the IBM X-Force Exchange collaborative platform, this API uses open standards to help speed time to action.
IBM X-Force threat intelligence can be integrated into existing security solutions by using a RESTful API, including STIX over TAXII protocols to incorporate structured and unstructured data.
The Early Warning Feed is designed to help you stay ahead of threats with timely and actionable information on malicious domains, including deep-dive lifecycles on these domains and volumetric data on their activity.
The Early Warning Feed is designed for security professionals looking to identify malicious domains as early as possible and to protect their organization from attacks that primarily exploit the Domain Name System (DNS), such as phishing, domain generation algorithms (DGA), tunneling and squatting.
The Advanced Threat Protection Feed is a machine-readable threat intelligence feed that integrates with security tools such as firewalls, intrusion prevention systems and SIEMs. It provides you with programmatic access to actionable indicators categorized by our X-Force team.
The Advanced Threat Protection Feed includes actionable indicators from threat categories such as C2 servers, bots, malware sources, phishing domains, anonymization services, scanning IPs, cryptocurrency miners, X-Force curated indicators, and a block list of high-frequency and benign endpoints.
An indicator is classified as actionable when it is associated with a specific threat category and an actionable score (>=5.0). X-Force’s actionable threat intelligence exhibits a 99.97% detection rate, accompanied by a 0.003% false positive rate (as tested by external parties).
The Advanced Threat Protection Feed delivers machine-readable lists of actionable indicators that can be consumed directly by your security tools. The Commercial API provides a research platform for exploring all indicators, reports and advisories from the X-Force Exchange.
Explore the latest threats with tactical, operational and strategic threat intelligence.
Detect and block actionable indicators of compromise (IOCs) and industry-specific threats based on in-depth analysis by IBM’s team of threat researchers.
Understand which threats are most relevant to your organization by receiving sample reports and IOCs.