IBM X-Force

Version: 2.0.0

IBM X-Force Exchange is a cloud-based threat intelligence sharing platform enabling users to rapidly research the latest security threats.

Connect IBM X-Force with LogicHub

  1. Navigate to Automations > Integrations.
  2. Search for IBM X-Force.
  3. Click Details, then the + icon. Enter the required information in the following fields.
    • Label: Enter a connection name.
    • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
    • Verify SSL: Select whether to verify the connecting server's SSL certificate (the default is Verify SSL Certificate).
    • Remote Agent: Run this integration using the LogicHub Remote Agent.
    • API Key: The API key used to connect to IBM X-Force.
    • Secret Key: The secret key for X-Force.
  4. After you've entered all the details, click Connect.

Actions for IBM X-Force

Get Malware for IP

Returns the malware associated with the given IP.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| --- | --- | --- |
| Column Name | Column name from parent table containing an IP address. | Required |

Output

A JSON object containing multiple rows of results:

  • has_error: True/False
  • error: message/null
{
   "has_error": true,
   "error": "Empty input."
}

Get Malware for URL

Returns the malware associated with the given URL.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| --- | --- | --- |
| Column Name | Column name from parent table containing URL. | Required |
| Additional Risk Categories | Additional X-Force URL categories to treat as high risk (separated by commas). | Required |

Output

A JSON object containing multiple rows of results:

  • has_error: True/False
  • error: message/null
{
   "has_error": true,
   "error": "Empty input."
}

Get URL Summary and Score

Returns a brief summary and an overall risk score for a given URL.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| --- | --- | --- |
| Column Name | Column name from parent table containing URL. | Required |

Output

A JSON object containing multiple rows of results:

  • has_error: True/False
  • error: message/null
{
   "has_error": true,
   "error": "Empty input."
}

Get Malware for File Hash

Returns the malware associated with the given File Hash.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| --- | --- | --- |
| Column Name | Column name from parent table containing File Hash. | Required |

Output

A JSON object containing multiple rows of results:

  • has_error: True/False
  • error: message/null
{
   "has_error": true,
   "error": "Empty input."
}

Release Notes

  • v2.0.0 - Updated architecture to support IO via filesystem
  • v1.0.10 - Added documentation link in the automation library.