
IBM X-Force

IBM X-Force Exchange is a cloud-based threat intelligence sharing platform enabling users to rapidly research the latest security threats.

Connect IBM X-Force with Devo SOAR

  1. Navigate to Automations > Integrations.

  2. Search for IBM X-Force.

  3. Click Details, then the + icon. Enter the required information in the following fields.

  4. Label: Enter a connection name.

  5. Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.

  6. Verify SSL: Select this option to verify the connecting server's SSL certificate (default is Verify SSL Certificate).

  7. Remote Agent: Run this integration using the Devo SOAR Remote Agent.

  8. API Key: The API key used to connect to IBM X-Force.

  9. Secret Key: The secret key for X-Force.

  10. After you've entered all the details, click Connect.

Actions for IBM X-Force

Get Malware for IP

Returns the malware associated with the given IP.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| :---------- | :------------------------------------------------------ | :------- |
| Column Name | Column name from parent table containing an IP address. | Required |

Output

A JSON object containing multiple rows of results:

  • has_error: True/False

  • error: message/null

```json
{ "has_error": true, "error": "Empty input." }
```

Get Malware for URL

Returns the malware associated with the given URL.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| :------------------------- | :----------------------------------------------------------------------------- | :------- |
| Column Name | Column name from parent table containing URL. | Required |
| Additional Risk Categories | Additional X-Force URL categories to treat as high risk (separated by commas). | Required |

Output

A JSON object containing multiple rows of results:

  • has_error: True/False

  • error: message/null

```json
{ "has_error": true, "error": "Empty input." }
```

Get URL Summary and Score

Returns a brief summary and an overall risk score for a given URL.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| :---------- | :-------------------------------------------- | :------- |
| Column Name | Column name from parent table containing URL. | Required |

Output

A JSON object containing multiple rows of results:

  • has_error: True/False

  • error: message/null

```json
{ "has_error": true, "error": "Empty input." }
```

Get Malware for File Hash

Returns the malware associated with the given File Hash.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| :---------- | :-------------------------------------------------- | :------- |
| Column Name | Column name from parent table containing File Hash. | Required |

Output

A JSON object containing multiple rows of results:

  • has_error: True/False

  • error: message/null

```json
{ "has_error": true, "error": "Empty input." }
```

Release Notes

  • v2.0.0 - Updated architecture to support IO via filesystem

  • v1.0.10 - Added documentation link in the automation library.