Skip to main content

IBM X-Force Exchange

ibm-x-force-exchange

Version: 1.5
Updated: June 26, 2024

IBM X-Force Exchange is a cloud-based threat intelligence platform that allows you to consume, share and act on threat intelligence. It enables you to rapidly research the latest global security threats, aggregate actionable intelligence, consult with experts and collaborate with peers.

Actions

  • Search DNS Records (Enrichment) - Search DNS records for a specified IP or Domain.
  • IP Reputation (Enrichment) - Gather IP reputation information for a specific IP address.
  • File Reputation (Enrichment) - Gather file reputation information for a specific file.
  • URL Reputation (Enrichment) - Gather URL reputation information for a specific URL.
  • Whois Lookup (Enrichment) - Issue a Whois lookup on a specific IP or Domain.
  • Passive DNS (Enrichment) - Search passive DNS records for a specific IP or Domain.
  • URL Reputation V2 (Enrichment) - Accepted multiple URLs separated by comma as Input and do URL reputation.

Configure IBM X-Force Exchange in Automation Service and Cloud SOAR

Before you can use this automation integration, you must configure its authentication settings so that the product you're integrating with can communicate with Sumo Logic. For general guidance, see Configure Authentication for Automation Integrations.

How to open the integration's configuration dialog
  1. Access App Central and install the integration. (You can configure at installation, or after installation with the following steps.)
  2. Go to the Integrations page.
    Classic UI. In the main Sumo Logic menu, select Automation and then select Integrations in the left nav bar.
    New UI. In the main Sumo Logic menu, select Automation > Integrations. You can also click the Go To... menu at the top of the screen and select Integrations.
  3. Select the installed integration.
  4. Hover over the resource name and click the Edit button that appears.
    Edit a resource

In the configuration dialog, enter information from the product you're integrating with. When done, click TEST to test the configuration, and click SAVE to save the configuration:

  • Label. Enter the name you want to use for the resource.

  • API URL. Enter your IBM X-Force API URL, for example, https://api.xforce.ibmcloud.com

  • API Key. Enter an IBM X-Force API key.

  • Secret Key. Enter the secret for the IBM X-Force API key.

  • Connection Timeout (s). Set the maximum amount of time the integration will wait for a server's response before terminating the connection. Enter the connection timeout time in seconds (for example, 180).

  • Verify Server Certificate. Select to validate the server’s SSL certificate.

  • Cloud SOAR API URL. Enter your Sumo Logic API URL (for example, https://api.us2.sumologic.com). Enter the API endpoint URL for your region.

  • Access ID. Enter the access ID for your Sumo Logic access key. Select Default as the scope when generating access keys.

  • Access Key. Enter the access key corresponding to your Sumo Logic access ID.

  • Automation Engine. Select Cloud execution for this certified integration. Select a bridge option only for a custom integration. See Cloud or Bridge execution.

  • Proxy Options. Select whether to use a proxy. (Applies only if the automation engine uses a bridge instead of cloud execution.)

    • Use no proxy. Communication runs on the bridge and does not use a proxy.
    • Use default proxy. Use the default proxy for the bridge set up as described in Using a proxy.
    • Use different proxy. Use your own proxy service. Provide the proxy URL and port number.
IBM X-Force Exchange configuration

For information about IBM X-Force Exchange, see IBM X-Force Exchange documentation.

Category

Threat Intelligence-Reputation

Change Log

  • December 19, 2019 - First upload
  • June 19, 2020
    • Whois Lookup and Passive DNS results can be saved as a .csv file
    • New action has been added
  • June 07, 2022 - New Actions:
    • URL Reputation V2
  • August 22, 2022 (v1.2) - General improvements
  • February 23, 2023 (v1.3)
    • Updated integration: (Updated the integration Fields with Environmental Variables)
  • July 12, 2023 (v1.4)
    • Changed fields visibility
    • Integration renamed from IBM X-Force Exchange OIF to IBM X-Force Exchange
    • Added new actions:
      • Passive DNS V2
      • Whois Lookup V2
  • June 26, 2024 (v1.5)
    • Updated Whois Lookup and Passive DNS actions with the new Cloud SOAR API; results can now be saved as incident attachments and artifacts.
Status
Legal
Privacy Statement
Terms of Use

Copyright © 2025 by Sumo Logic, Inc.