The IBM X-Force Exchange Action Bundle enables the automatic enrichment of indicators within your Threat Library.

The integration provides the following actions:

• IBM X-Force Exchange Enrichment - fetches enrichment context such as tags, categories, and scores from the IBM X-Force Exchange API.
• IBM X-Force Exchange - Get Relation IOCs - fetches indicators associated with malware that are related to the input indicators.

The actions are compatible with the following indicator types:

• CVE
• FQDN
• IP Address
• IPv6 Address
• URL
• MD5
• SHA-1
• SHA-256

The actions return enriched indicators to the ThreatQ platform.

Note:  This action is intended for use with ThreatQ TDR Orchestrator (TQO). An active TQO license is required for this feature.