Finding IP address and URL information in X-Force Exchange

Use right-click menu options in IBM® QRadar® to find information about IP addresses and URLs that is found on IBM Security X-Force® Exchange. You can use the information from your QRadar searches, offenses, and rules to research further or to add information about IP addresses or URLs to an X-Force Exchange collection.

About this task

You can contribute either public or private information to track data in collections when you research security issues.

A collection is a repository where you store the information that is found during an investigation. You can use a collection to save X-Force Exchange reports, comments, or any other content. An X-Force Exchange report contains both a version of the report from the time when it was saved, and a link to the current version of the report. The collection contains a section that has a wiki-style notepad where you can add comments that are relevant to the collection.

For more information about X-Force Exchange, see X-Force Exchange (https://exchange.xforce.ibmcloud.com/).

1. To look up an IP address in X-Force Exchange from QRadar, follow these steps:
   1. Select the Log Activity or the Network Activity tab.
   2. Right-click the IP address that you want to view in X-Force Exchange and select More Options > Plugin Options > X-Force Exchange Lookup to open the X-Force Exchange interface.
2. To look up a URL in X-Force Exchange from QRadar, follow these steps:
   1. Select either the Offenses tab, or the event details windows available on the Offenses.
   2. Right-click the URL you want to look up in X-Force Exchange and select Plugin Options > X-Force Exchange Lookup to open the X-Force Exchange interface.