Authored by Stefan Walter, Front-End Developer, IBM Security.

According to a recent study from Enterprise Strategy Group (ESG), nearly one-third of organizations have trouble operationalizing threat intelligence despite the plethora of sources of threat data. Open standards have helped tremendously in the effort to incorporate threat intelligence into existing security solutions. In fact, over 50 vendors on the IBM X-Force Exchange are listed on the OASIS site as compatible with Structured Threat Information Expression (STIX) and Trusted Automated Exchange of Indicator Information (TAXII). Open standards, however, can’t fix the research needed on the front end to actually investigate an incident.

X-Force Exchange Continues to Evolve

One of the major outcomes of the research IBM conducted when preparing to launch the X-Force Exchange was the crystallized image of a pile of scrap paper with frantic scribblings on it. Results from random internet searches, snippets overheard at a lunch with colleagues and notes from other employees do not make a cohesive investigation. It became clear that all the external threat data in the world would not help solve any security problems if it couldn’t get from that scrap paper into a security tool to enact blocking or protective actions.

Collections in the X-Force Exchange represent many things now, from private user investigations to formal X-Force advisories covering new vulnerabilities, malware campaigns and other significant concerns in the threat landscape. The Exchange has evolved to allow users to share reports on tactical observables, such as IP addresses, Domain Name Server (DNS) reports, vulnerabilities and malware file information. Users can also exchange human-generated context and related files with as wide a range of community as they’d like.

Watch the on-demand webinar: Transform Threat Intelligence Into Prevention In Minutes

Introducing the Quick Collection Feature

Often when you start investigating a potential security issue, you start your journey with one observable, be it an IP or URL you saw in a spam email or in your security information and event management (SIEM) logs, as an entry down the rabbit hole. You might find other clues, such as malware file hashes affiliated with a host IP address or known exploits for a particular vulnerability, and follow those tracks.

With the new Quick Collection feature on the X-Force Exchange, it’s easier to combine research findings into one collection. You can see your recently viewed reports and decide what’s worth adding to the collection and what’s not worth investigating further. You can create the collection from there and start working on a fresh one where all the relevant reports are already attached, then add details to fill in the gaps.

Once created, you can continue working with the collection as usual and invite individual colleagues or peers to add insights. There’s also the ability to join a private group to engage in collaborative defense. You can even share the collection publicly to pass on important findings with a broad audience or gain detailed insights from other researchers.

How to Use the Quick Collection Feature

On every page, there is a new folder/collection icon in the top right next to your profile image and the notification button. Clicking this icon will open a panel where you can view your recently visited reports. By clicking on the check box next to the reports, you can indicate what reports you want to add to the collection. Enter a name for the collection in the input field below and click the button labeled “Create.” After the collection is created, you will see the reports already attached.

To try the new quick collection feature, visit the IBM X-Force Exchange and check out our on-demand webinar, “Transform Threat Intelligence Into Prevention In Minutes,” to learn more about applying threat intelligence to security investigations.

More from Threat Intelligence

An IBM Hacker Breaks Down High-Profile Attacks

On September 19, 2022, an 18-year-old cyberattacker known as "teapotuberhacker" (aka TeaPot) allegedly breached the Slack messages of game developer Rockstar Games. Using this access, they pilfered over 90 videos of the upcoming Grand Theft Auto VI game. They then posted those videos on the fan website GTAForums.com. Gamers got an unsanctioned sneak peek of game footage, characters, plot points and other critical details. It was a game developer's worst nightmare. In addition, the malicious actor claimed responsibility for a…

Self-Checkout This Discord C2

This post was made possible through the contributions of James Kainth, Joseph Lozowski, and Philip Pedersen. In November 2022, during an incident investigation involving a self-checkout point-of-sale (POS) system in Europe, IBM Security X-Force identified a novel technique employed by an attacker to introduce a command and control (C2) channel built upon Discord channel messages. Discord is a chat, voice, and video service enabling users to join and create communities associated with their interests. While Discord and its related software…

Charles Henderson’s Cybersecurity Awareness Month Content Roundup

In some parts of the world during October, we have Halloween, which conjures the specter of imagined monsters lurking in the dark. Simultaneously, October is Cybersecurity Awareness Month, which evokes the specter of threats lurking behind our screens. Bombarded with horror stories about data breaches, ransomware, and malware, everyone’s suddenly in the latest cybersecurity trends and data, and the intricacies of their organization’s incident response plan. What does all this fear and uncertainty stem from? It’s the unknowns. Who might…

Old Habits Die Hard: New Report Finds Businesses Still Introducing Security Risk into Cloud Environments

While cloud computing and its many forms (private, public, hybrid cloud or multi-cloud environments) have become ubiquitous with innovation and growth over the past decade, cybercriminals have closely watched the migration and introduced innovations of their own to exploit the platforms. Most of these exploits are based on poor configurations and human error. New IBM Security X-Force data reveals that many cloud-adopting businesses are falling behind on basic security best practices, introducing more risk to their organizations. Shedding light on…