IBM X-Force Exchange plug-in for QRadar

IBM® X-Force® Exchange is a sharing platform for threat intelligence that is used by security analysts, network security specialists, and security operations center teams.

The IBM X-Force Exchange (XFE) plug-in provides the option to search the information on the IBM X-Force Exchange website for IP addresses, URLs, CVEs, and web applications that are found in QRadar®.

For example, you can right-click a URL from a QRadar event to see what data the X-Force Exchange contains about the URL.

You can also use the right-click lookup option to submit IP addresses or URL data from QRadar searches, offenses, and rules to a public or private collection. The collection stores the information in one place as you use the data for more research.

Collections also contain a section that serves as a wiki-style notepad, where you can add comments or any free text that is relevant. You can use the collection to save X-Force reports, text comments, or any other content. An X-Force report has both a version of the report from the time that it was saved and a link to the current version of the report.