ceven

IBM X-Force Exchange

Pulls global threat intelligence and reputation data into your security operations to automate indicator blocking and vulnerability research.

Try IBM X-Force Exchange in Ceven

Ask Ceven anything
Standard

Why use Ceven?

  1. AI native IBM X-Force Exchange integration

    • Describe the outcome and Ceven picks the right IBM X-Force Exchange calls, fills the parameters, and checks the result.
    • Structured, agent friendly tool schemas so each call runs reliably instead of by guesswork.
    • Rich coverage for reading, writing, and querying your IBM X-Force Exchange data, across all 7 of its actions.

  2. Managed auth

    • Built in OAuth with automatic token refresh and rotation.
    • One place to manage, scope, and revoke IBM X-Force Exchange access.
    • Per user and per environment credentials instead of shared keys.

  3. Agent optimized design

    • Actions are tuned from real success and error rates so reliability climbs over time.
    • Full execution logs so you always know what ran in IBM X-Force Exchange, when, and on whose behalf.
    • The agent pauses and asks when IBM X-Force Exchange is unclear instead of plowing ahead.

  4. Enterprise grade security

    • Fine grained access so you control which agents and people can reach IBM X-Force Exchange.
    • Least privilege by default, read scopes first and only the writes a workflow needs.
    • A full audit trail of every IBM X-Force Exchange action to support review and sign off.

Supported tools

Every action Ceven's agents can run on IBM X-Force Exchange, and when to use it.

Get Latest Public Collections
Use this when you need to pull the most recent public threat collections without dealing with pagination.
Get Public Collections Paginated
Pull all public collections using pagination. Use this for comprehensive audits of available threat intelligence.
Get IPR Category List
Retrieve the full list of IP reputation categories to understand how X Force classifies malicious addresses.
Get URL Category List
Retrieve the complete list of URL categories to map web traffic against known threat classifications.
Get User Profile Information
Pull account details, membership stats, and current integration settings for the authenticated user.
Get Current API Version
Check the running API version and build number to ensure workflow compatibility with X Force updates.
Generate API Key and Password
Create a new set of credentials for API access. Use this to rotate keys or set up new service accounts.

7 actions · scroll to see them all

Frequently asked questions

Ceven uses a secure credential vault to store the API key and password pair generated via the IBM X Force Exchange platform. When a workflow runs, the agent retrieves these credentials and passes them in the request header to authenticate with the IBM cloud infrastructure. We never store these keys in plain text or expose them to the model prompts. If you need to rotate your keys for security compliance, you can use the Generate API Key action within Ceven to create a new pair and update your connection settings without having to manually copy strings from the IBM dashboard into the Ceven interface.
Yes. While IBM X Force provides the intelligence, Ceven provides the action. You can build a workflow that triggers whenever a new public collection is updated. The agent pulls the indicators from IBM X Force, filters them by the risk categories you define using the IPR category list, and then calls the API of your firewall or cloud security group to add those IPs to a deny list. This turns a static feed into a real time defense mechanism that requires no human intervention once the logic is set and the categories are mapped.
The latest public collections tool is optimized for speed and freshness. It pulls only the most recent entries, making it ideal for high frequency polling where you only care about the newest threats. The paginated tool is designed for deep discovery and data migration. It allows the agent to walk through the entire history of public collections. If you are building a local database of historical threats, use the paginated tool. For real time alerting on new threats, the latest collections tool is the correct choice to avoid unnecessary API overhead.
Yes. IBM X Force Exchange enforces strict rate limits based on your account tier. If a Ceven workflow attempts to pull thousands of indicators in a tight loop, you may encounter 429 Too Many Requests errors. To handle this, Ceven implements an exponential backoff strategy. The agent will detect the rate limit signal and pause execution before retrying the request. For very large data pulls, we recommend using the paginated tools with a deliberate delay between calls to ensure your account remains in good standing and your workflows do not stall.
The URL category list provides the taxonomy IBM uses to label the web. Instead of just knowing a site is bad, Ceven can identify if a site is categorized as phishing, malware distribution, or a command and control server. You can use this to apply different levels of severity to your alerts. For example, a site categorized as a proxy might trigger a low priority warning, while a site categorized as a known ransomware distribution point would trigger an immediate isolation of the affected workstation and page the on call engineer.
Ceven allows you to perform essential account maintenance via the API. You can retrieve your user profile information to check your membership status and integration configurations. More importantly, you can generate new API keys and passwords directly from the Ceven interface. This is particularly useful for teams that rotate secrets every thirty or ninety days. Instead of logging into the IBM portal and manually updating various scripts, you can run a single workflow that generates the new key and updates all connected systems simultaneously.
The current integration focuses on public collections and global reputation data. Public collections are the primary source for community driven threat intelligence. If your organization maintains private collections, you must ensure the API key used by Ceven has the explicit permissions granted within the IBM X Force dashboard to access those specific resources. If the permissions are not set correctly on the IBM side, the API will return an empty list or a forbidden error, as Ceven can only access what the provided credentials allow.
Ceven includes a specific action to Get Current API Version. This is used during the initial handshake and periodically during long running workflows. Because security APIs evolve to meet new threat landscapes, IBM may update the data schema or deprecate certain endpoints. By checking the version and build number, the Ceven agent can adjust its parsing logic or notify the administrator if a version mismatch is detected that could lead to data loss or incorrect threat classification, ensuring your security pipeline remains stable.

Alternatives to IBM X-Force Exchange

Other tools that solve a similar problem. Ceven supports these too, so you can switch or run more than one at once.

CrowdStrike logoCrowdStrikeRecorded Future logoRecorded FutureThreatConnect logoThreatConnect

Try Ceven on your stack

Plug Ceven on top of the tools you already run. Connect IBM X-Force Exchange and the rest of your stack, describe the outcome, and its agents handle the work end to end, days of it in minutes.

Get started for free