Tuesday, 26 May 2015

Introducing IBM X-Force Exchange

Several weeks ago IBM launched their X-Force Exchange web interface.
Basically, the idea behind this is to have a collaboration platform where everyone who works in or is interested in security can look up URLs, malware or IP information and share their knowledge.
https://exchange.xforce.ibmcloud.com/

There is an API available. You will find the link in the lower left corner after you have created an account and logged in.

https://github.com/johestephan/sendmespamids.py

This is the script and toolbox for this IDS. To respond to the new platform and to use the huge database IBM has built up over time, I added ibmxforce and the XFupload.py script to my toolbox.

In its current state the script supports:
  • -u <url> - query the API for the given URL and display the information; this is for normal URLs like http://sendmespamids.blogspot.nl
  • -m <url> - query the given URL and display the information; this is for normal URLs like http://sendmespamids.blogspot.nl/agivenfile
  • -f <file> - create an MD5 hash of the given file, query the API for this hash and display the result
Currently only the raw JSON output is displayed. I am working on a deeper integration of the script into the toolbox, so stay tuned for updates.
 
You will need an authentication token to use the API. It is fetched and stored on the first run, so please ensure that the folder is writeable.
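
A sketch of what the -f lookup and the token caching described above involve, added here as an example and not taken from XFupload.py. The function names, the placeholder API host, the /malware/ path and the Bearer header are assumptions; the token fetch is passed in as a callable so the block runs offline.

```python
import hashlib
import os

# Assumption: placeholder host; the post does not give the API base URL.
API_BASE = "https://api.example.invalid"


def md5_of_file(path, chunk_size=65536):
    """Hash the file in chunks so large samples are never loaded whole."""
    digest = hashlib.md5()  # MD5 is only the lookup key here, not an integrity check
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def load_or_fetch_token(cache_path, fetch_token):
    """Return the cached token, or call fetch_token() once and store the result."""
    try:
        with open(cache_path, "r", encoding="utf-8") as fh:
            token = fh.read().strip()
        if token:
            return token
    except FileNotFoundError:
        pass  # first run: nothing cached yet
    token = fetch_token()
    # Create the cache owner-only; a token in a world-readable file can be reused
    # by any local user. Raises PermissionError if the folder is not writable.
    fd = os.open(cache_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(token)
    os.chmod(cache_path, 0o600)  # also tighten a pre-existing, looser file
    return token


def build_hash_query(path, token):
    """Describe the lookup request for a file (path and header style are assumed)."""
    return {
        "url": f"{API_BASE}/malware/{md5_of_file(path)}",
        "headers": {"Authorization": f"Bearer {token}"},
    }
```

Keeping the token file owner-only matters on shared hosts, since the cached token is all that is needed to make API calls in your name.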


IBM and XFORCE are trademarks and brands which belong to IBM (www.ibm.com)