lookup_malware
Look up malware intelligence by file hash or family name. When querying by hash, returns details about origins, risk level, family classification, and detection coverage. When querying by family name, returns related malware samples.
Supports MD5, SHA1, and SHA256 hashes.
search_vulnerabilities
Search the X-Force vulnerability database by full-text query, specific identifier (CVE, XFID, BID, RHSA, Microsoft Bulletin), or retrieve recently reported vulnerabilities.
Returns vulnerability details including CVSS scores, affected platforms, remediation guidance, and references.
lookup_ip_reputation
Look up the threat reputation of an IP address. Returns risk score, geolocation, content categories, and reputation history. Optionally includes associated malware information.
Supports IPv4 and IPv6 addresses. Categories include Spam, Malware, Bots, Scanning IPs, Anonymisation Services, and more.
lookup_url_reputation
Look up the threat reputation and content categorization of a URL or domain. Returns risk score, content categories, and associated malware.
Use this to check if a URL is associated with phishing, malware distribution, or other malicious activity.
manage_collections
List, search, retrieve, or create threat intelligence collections (case files). Collections are collaborative workspaces for aggregating indicators of compromise (IPs, URLs, malware hashes, vulnerabilities) and contextual notes.
Use the **action** field to specify the operation: "list" for your own collections, "listPublic" for public collections, "search", "get", or "create".
lookup_app_profile
Look up the risk profile of an internet application (e.g., Facebook, Instagram, Dropbox). Returns application description, content categories, supported actions, risk factors, and associated URLs.
You can search by exact application name or do a full-text search to discover applications.
get_threat_reports
List or retrieve IBM X-Force premier threat intelligence reports. Includes Threat Analysis, OSINT Advisory, Malware Analysis, Industry Profile, and Threat Group Profile reports.
Reports can be filtered by type and date range. Provide a reportId to get the full report content, or omit it to list/search available reports.
lookup_dns_whois
Retrieve DNS records and/or WHOIS registration information for a domain, IP address, or URL.
DNS results include A, AAAA, MX, TXT, and other record types. WHOIS results include registrant information, creation/expiration dates, and registrar details.
get_api_usage
Retrieve your current API usage statistics for IBM X-Force Exchange. Shows consumption details per month for each subscription type, including entitlement limits and current usage counts.