IBM X-Force
IBM X-Force Exchange is a cloud-based threat intelligence sharing platform enabling users to rapidly research the latest security threats.
Connect IBM X-Force with Devo SOAR
Navigate to Automations > Integrations.
Search for IBM X-Force.
Click Details, then the + icon. Enter the required information in the following fields.
Label: Enter a connection name.
Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
Remote Agent: Run this integration using the Devo SOAR Remote Agent.
API Key: The API key to connect to the IBM X-Force.
Secret Key: Secret Key For X-Force.
After you've entered all the details, click Connect.
Actions for IBM X-Force
Get Malware for IP
Returns the malware associated with the given IP.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Column Name | Column name from parent table containing an IP address. | Required |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
``` {json}{ "has_error": true, "error": "Empty input." }
## Get Malware for URL
Returns the malware associated with the given URL.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :------------------------- | :----------------------------------------------------------------------------- | :------- |
| Column Name | Column name from parent table containing URL. | Required |
| Additional Risk Categories | Additional X-Force URL categories to treat as high risk (separated by commas). | Required |
### Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
``` {json}{
"has_error": true,
"error": "Empty input."
}
Get URL Summary and Score
Returns a brief summary and an overall risk score for a given URL.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Column Name | Column name from parent table containing URL. | Required |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
``` {json}{ "has_error": true, "error": "Empty input." }
## Get Malware for File Hash
Returns the malware associated with the given File Hash.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :---------- | :-------------------------------------------------- | :------- |
| Column Name | Column name from parent table containing File Hash. | Required |
### Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
``` {json}{
"has_error": true,
"error": "Empty input."
}
Release Notes
v2.0.0
- Updated architecture to support IO via filesystemv1.0.10
- Added documentation link in the automation library.