In short, we use a platform called the a Security Intelligence Platform based on IBM Qradar SIEM, which is what we enrich from the X-Force engine so that we actually get threat intel from IBM X-Force. We also different leverage on content packs that we download from X-Force. We have thousands of rules that come out of the box with QRadar, which is the SIEM platform. But we need to leverage X-Force to get real time threats feeds and have an understanding of what will be happening, and get advisory on issues such as vulnerability numbers, malware names, MD5 hashes, IP addresses, and other characteristics to see if we have been compromised. We can check for
- CVE or breach or malware threat to obtain more details regarding that coverage.