IBM Support

Using the IBM X-Force Exchange (XFE) portal to understand threats, vulnerabilities, or malware

Question & Answer


Question

How can I monitor XPU release for a certain threat, critical security concern or Out-Of-Band update?

Cause

Customers, business partners, and other interested parties can benefit from the IBM X-Force Exchange (XFE) portal, an open-access online resource for self-service information and research regarding threats and IBM system coverage.

Answer

IBM® X-Force® Exchange is a cloud-based threat intelligence platform. It enables you to rapidly research the latest global security threats, aggregate actionable intelligence and collaborate with your peers. One of the primary uses of the portal is for details regarding your IBM Network Protection and Intrusion Prevention System protection signatures. This is accessed automatically within your SiteProtector console when detail data is requested by a user.

You should establish an account to enable login to the portal. Having an account (rather than using "guest" access) enables enhanced functionality in the portal.

To view the portal, see the IBM X-Force Exchange website. More information regarding the portal is available at the IBM developerWorks website "Introducing IBM X-Force Exchange" or at additional locations on the IBM main website.

You can search for the vulnerability numbers, malware names, MD5 hashes, IP addresses, and other characteristics to see if there has been a collection added or a report attached.
  • If it is a CVE or breach or malware threat that we do protect by IPS, then use the portal search capability to locate information by CVE or other identifier to obtain more details regarding that coverage.
  • If it is a CVE or breach or malware threat that we cannot protect by IPS, then our team of researchers normally writes "collections" on XFE to report what we do know.
Example:

A Level-0 threat was handled by X-Force Research creating a collection on XFE. In the past, some customers may have known these as "alerts" or "advisories".

These "watchable" collection objects could be located and observed for developing information:
 
  1. Log in to X-Force Exchange portal.
     
  2. Search by vulnerability number or by XPU number. For this example, see the vulnerability - 107918 Apache Commons Collections InvokerTransformer.class code execution.
     
  3. To the right-hand side is the collection (or advisory) with more technical details about the threat.

Note: At the time of this article's creation (4Q2015), there is a "known issue" in the XF Exchange portal whereby you must be logged in to the portal in order to see collections. The XFE development group will be enhancing this in 1Q2016 to provide a direct link to the collection. Currently, if you are not logged in to the portal, you will be unable to see the collection (advisory) written by research.


If nothing has been written, it could mean one of the following:
 
  1. We have no additional details available at that time; keep checking back.
     
  2. The vulnerability has been patched. There are no plans to cover it via IPS (other products), or it may not be feasible.
     
  3. It is an issue where IBM X-Force might create a collection, but we cannot cover it by product (IPS or malware) protection.
     
  4. If you still have questions, contact Technical Support for specific inquiries.

X-Force Research and Engineering are actively updating the Exchange portal daily, so this should be the first place you check for new information.
 


Document Information

Modified date:
21 January 2021

UID

swg21972186