Getting IBM X-Force Exchange Threat Intelligence TAXII Service Information for Use with Microsoft Sentinel
Welcome to Johnny Cab
UPDATE: As of July 20, 2023, IBM no longer offers a complimentary version of this service. To utilize the steps outlined here, you need to create a 30-day trial and eventually pay for the service.
ORIGINAL ARTICLE:
I was surprised to find how thorough and feature-rich IBM’s X-Force Exchange really is. Some of you may already be subscribers, but if not, you might consider looking into it to utilize the Threat Intelligence provided for Microsoft Sentinel through TAXII. In our Docs, we talk about IBM X-Force, but only supply a link to read more about the service.
Here’s how to get an account, the API key and password, and then locate the TAXII information.
Sign up for an account at the following location: https://exchange.xforce.ibmcloud.com/
Once you have the account, log in to the IBM X-Force Exchange console to reveal the dashboard.
To get the API information, tap or click your profile icon and go to Settings - API Access.
Once you have your API key and password (generated for you by the IBM X-Force Exchange system), supply them in the provided areas in the API Docs page: https://api.xforce.ibmcloud.com/doc/
Once you have the API information, supply it in the Threat Intelligence - TAXII connector in Microsoft Sentinel.
To locate and show all the available Collection IDs, use the curl utility with the following format:
curl -u YourAPIKey:YourPassword -H "Accept: application/vnd.oasis.taxii+json; version=2.0" https://api.xforce.ibmcloud.com/taxii2/collections
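The same request as the curl command above, built in Python with the credentials read from environment variables (so they stay out of shell history and the process list), then parsed to list the API root and Collection IDs for the Sentinel TAXII connector. This is an added example, not code from the original post, IBM or Microsoft; the variable names XFE_API_KEY and XFE_API_PASSWORD, the function names and the sample response are constructed, and the API root is assumed to be the collections URL without its /collections suffix.

```python
import base64
import json
import os
import urllib.request

# URL and Accept header are the ones used in the curl command above.
COLLECTIONS_URL = "https://api.xforce.ibmcloud.com/taxii2/collections"
TAXII_ACCEPT = "application/vnd.oasis.taxii+json; version=2.0"

def build_request(api_key, api_password, url=COLLECTIONS_URL):
    """Build the same request as `curl -u key:password -H "Accept: ..."`."""
    token = base64.b64encode(f"{api_key}:{api_password}".encode()).decode()
    return urllib.request.Request(url, headers={
        "Authorization": f"Basic {token}",
        "Accept": TAXII_ACCEPT,
    })

def readable_collections(body, url=COLLECTIONS_URL):
    """Return (api_root, [(collection_id, title), ...]) for readable collections."""
    doc = json.loads(body)
    # Assumption: the API root is the collections URL minus "/collections".
    api_root = url.rsplit("/collections", 1)[0]
    rows = [(c["id"], c.get("title", ""))
            for c in doc.get("collections", [])
            if c.get("can_read")]  # skip collections this account cannot read
    return api_root, rows

# Constructed sample response in the TAXII 2.0 collections format (not real IBM data).
SAMPLE_BODY = json.dumps({"collections": [
    {"id": "00000000-0000-4000-8000-000000000001", "title": "Constructed feed A",
     "can_read": True, "can_write": False},
    {"id": "00000000-0000-4000-8000-000000000002", "title": "Constructed feed B",
     "can_read": False, "can_write": False},
]})

if __name__ == "__main__":
    # Hypothetical environment variable names; set them to query the live service.
    key, password = os.environ.get("XFE_API_KEY"), os.environ.get("XFE_API_PASSWORD")
    if key and password:
        with urllib.request.urlopen(build_request(key, password), timeout=30) as resp:
            body = resp.read().decode()
    else:
        body = SAMPLE_BODY  # no credentials set: fall back to the constructed sample
    api_root, rows = readable_collections(body)
    print("API root URL:", api_root)
    for cid, title in rows:
        print(f"Collection ID: {cid}  ({title})")
```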