X-Force Exchange

X-Force Exchange Courses:

X-Force Exchange Tutorial Series

IBM® X-Force® Exchange is a cloud-based threat intelligence platform. It enables you to rapidly research the latest global security threats, aggregate actionable intelligence and collaborate with your peers. IBM X-Force Exchange is supported by one of the most recognized security research teams in the world—IBM X-Force.

This series covers:

  • Walking through the X-Force Exchange Dashboard
  • Use of settings and profiles including the new feature "Integrations"
  • X-Force Exchange collections for beginners
  • Groups and Sharing in X-Force Exchange
  • Honeypot data manipulated with Linux shell and put into an X-Force Exchange collection

Exploring the X-Force Exchange Am I Affected feature

You can now use the X-Force Exchange to determine if you are affected by threats. The Am I Affected feature searches your QRadar environment and notifies you if you are prone to threats identified in the numerous X-Force Exchange collections. This course reviews the Am I Affected functionality and how you can integrate IBM X-Force Exchange Threat Intelligence information into your QRadar environment.

Integrating X-Force Exchange and QRadar to prevent ransomware outbreaks

You can integrate QRadar and threat intelligence from IBM X-Force Exchange to protect your organization against ransomware attacks. This video walks you through configuring threat data feeds from X-Force Exchange to monitor and detect ransomware outbreaks such as Petya or WannaCry.

Leveraging IBM X-Force Exchange Responses

This session covers the IBM XFE API queries, what each returns, and how the queries can be combined for different purposes. The XFE API also provides information such as current and historical DNS data and sightings of malware associated with an IP address.

How to use IBM X-Force Threat Intelligence and integrate with QRadar SIEM

This course teaches you how to take advantage of the information posted on the IBM X-Force Exchange (XFE) platform by using the API, the curl tool, and the Python language.

The course also demonstrates integration between XFE and QRadar SIEM using the XFE SDK and direct integration, or the Threat Intelligence application and TAXII endpoints.


Objectives

  • Learn how to leverage the X-Force Exchange API, curl tool, and Python scripts to pull threat data from the X-Force Exchange platform
  • Install the Threat Intelligence app in QRadar SIEM
  • Test the API using online documentation
  • Use curl commands and the X-Force Exchange API documentation to simulate browser requests
  • Write a Python script that uses X-Force Exchange API code
  • Use TAXII feeds, collections, and the QRadar Threat Intelligence app to integrate the X-Force Exchange API and QRadar SIEM
  • Configure threat data feeds to monitor and detect ransomware outbreaks