Authored by Stefan Walter, Front-End Developer, IBM Security.

According to a recent study from Enterprise Strategy Group (ESG), nearly one-third of organizations have trouble operationalizing threat intelligence despite the plethora of sources of threat data. Open standards have helped tremendously in the effort to incorporate threat intelligence into existing security solutions. In fact, over 50 vendors on the IBM X-Force Exchange are listed on the OASIS site as compatible with Structured Threat Information Expression (STIX) and Trusted Automated Exchange of Indicator Information (TAXII). Open standards, however, can’t fix the research needed on the front end to actually investigate an incident.

X-Force Exchange Continues to Evolve

One of the major outcomes of the research IBM conducted when preparing to launch the X-Force Exchange was the crystallized image of a pile of scrap paper with frantic scribblings on it. Results from random internet searches, snippets overheard at a lunch with colleagues and notes from other employees do not make a cohesive investigation. It became clear that all the external threat data in the world would not help solve any security problems if it couldn’t get from that scrap paper into a security tool to enact blocking or protective actions.

Collections in the X-Force Exchange represent many things now, from private user investigations to formal X-Force advisories covering new vulnerabilities, malware campaigns and other significant concerns in the threat landscape. The Exchange has evolved to allow users to share reports on tactical observables, such as IP addresses, Domain Name Server (DNS) reports, vulnerabilities and malware file information. Users can also exchange human-generated context and related files with as wide a range of community as they’d like.

Watch the on-demand webinar: Transform Threat Intelligence Into Prevention In Minutes

Introducing the Quick Collection Feature

Often when you start investigating a potential security issue, you start your journey with one observable, be it an IP or URL you saw in a spam email or in your security information and event management (SIEM) logs, as an entry down the rabbit hole. You might find other clues, such as malware file hashes affiliated with a host IP address or known exploits for a particular vulnerability, and follow those tracks.

With the new Quick Collection feature on the X-Force Exchange, it’s easier to combine research findings into one collection. You can see your recently viewed reports and decide what’s worth adding to the collection and what’s not worth investigating further. You can create the collection from there and start working on a fresh one where all the relevant reports are already attached, then add details to fill in the gaps.

Once created, you can continue working with the collection as usual and invite individual colleagues or peers to add insights. There’s also the ability to join a private group to engage in collaborative defense. You can even share the collection publicly to pass on important findings with a broad audience or gain detailed insights from other researchers.

How to Use the Quick Collection Feature

On every page, there is a new folder/collection icon in the top right next to your profile image and the notification button. Clicking this icon will open a panel where you can view your recently visited reports. By clicking on the check box next to the reports, you can indicate what reports you want to add to the collection. Enter a name for the collection in the input field below and click the button labeled “Create.” After the collection is created, you will see the reports already attached.

To try the new quick collection feature, visit the IBM X-Force Exchange and check out our on-demand webinar, “Transform Threat Intelligence Into Prevention In Minutes,” to learn more about applying threat intelligence to security investigations.

more from Threat Intelligence

A Response Guide for New NSA and CISA Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) recently published a report highlighting a range of critical security vulnerabilities requiring attention from organizations of all types. The report was published with input from the National Security Agency (NSA) and similar agencies worldwide. It should be considered essential reading.  Many of the vulnerabilities in the report are not new. Instead, the report…

Old Habits Die Hard: New Report Finds Businesses Still Introducing Security Risk into Cloud Environments

While cloud computing and its many forms (private, public, hybrid cloud or multi-cloud environments) have become ubiquitous with innovation and growth over the past decade, cybercriminals have closely watched the migration and introduced innovations of their own to exploit the platforms. Most of these exploits are based on poor configurations and human error. New IBM Security X-Force data reveals that…

Raspberry Robin and Dridex: Two Birds of a Feather

IBM Security Managed Detection and Response (MDR) observations coupled with IBM Security X-Force malware research sheds additional light on the mysterious objectives of the operators behind the Raspberry Robin worm. Based on a comparative analysis between a downloaded Raspberry Robin DLL and a Dridex malware loader, the results show that they are similar in structure and functionality. Thus, IBM Security…