How IBM X-Force Exchange works

Access to a wealth of threat intelligence data

IBM X-Force Exchanges provides an open platform that adds context to indicators of compromise (IOC) with a mix of human-and machine-generated insights. It offers timely threat intelligence that is dynamically updated every minute. The software delivers web threat monitoring of over 25 billion web pages and is supported by a database of over 96,000 vulnerabilities. It offers deep intelligence on millions of spam and phishing attacks and monitors reputation data with malicious IP addresses.

Collaborative platform for sharing threat intelligence

You can connect with industry peers to validate findings, share a collection of IOC to aid in forensic investigations, or add context to threats through peer collaboration via private groups and shared collections.

Integrated solution to help quickly stop threats

The solution is designed for third-party integration with support for Structured Threat Information Expression (STIX) and Trusted Automated Exchange of Indicator Information (TAXII)—the established standards for automated threat intelligence sharing. It allows for integration between IBM Security products and X-Force Exchange-sourced actionable intelligence. Application programming interface (API) enables you to connect threat intelligence to security products.

Easy-to-use interface for organizing and annotating findings

Once a report is created, users can add comments to provide additional insight and context for other users or add the report to a Collection. Users can also provide feedback to the X-Force team to trigger an analysis of the specific report, which can lead to content updates. Setting custom notifications and watchlists enables users to receive relevant advisories on their areas of interest.

Monitor applicable indicators with watchlists

You can research indicators of compromise, conduct security investigations and watch for vulnerabilities on target technologies in your infrastructure just by maintaining a list of keywords or products to monitor. If new vulnerabilities are disclosed that match keywords or products on your watchlist, you will be automatically notified. To help take action on these vulnerabilities, you can add them to a Collection and import it into your SIEM, either via the API or using STIX/TAXII protocols.

Add third-party threat intelligence licenses to the platform

The Threat Feed Manager within X-Force Exchange simplifies the task of getting data out of various sources and into one view. You can enable those third-party threat intelligence sources directly on the platform by providing the credentials for those providers, and the platform will then integrate the data into X-Force Exchange directly.

Get the latest actionable threat research from IBM X-Force

The IBM X-Force research team constantly adds new intelligence for malware campaigns and new threat vectors via public Collections. These collections are curated by X-Force security experts to add human context to indicators of compromise on the platform. Details include TLP ratings, timeframes, target regions, campaign details and links to related references to learn more. Users can follow the collection to be notified of updates as new information becomes available.

The bad guys share. Now the good guys can too.

Watch the video

How customers use it

  • Research the latest threats

    Research the latest threats


    Finding timely and relevant threat intelligence


    X-Force Exchange provides access to 900+ terabytes of human and machine-generated threat intelligence through Reports, Advisories, and Collections, including support for third-party providers through Bring-Your-Own-Key functionality

  • Collaborate publicly and privately

    Collaborate publicly and privately


    Various inhibitors to collaborative defense


    X-Force Exchange enables tens of thousands of users to share research, validate threats, and develop response plans with Collections and Groups

  • Integrate threat intelligence programmatically


    It's not intelligence if it isn't actionable


    X-Force Exchange provides an API for seamless integrations with security tools, including support for open standards

Technical details

Software requirements

Software requirements for IBM X-Force Exchange can be viewed at:

    Hardware requirements

    Hardware requirements for IBM X-Force Exchange can be viewed at:

      See how it works