Improve Email Threat Protection with Abusix Guardian Intel: Now Available in ThreatStream

About Abusix Guardian Intel

Abusix Guardian Intel delivers live, actionable threat data sourced from a global sensor network monitoring abuse, spam, phishing, and malware infrastructure. Guardian Intel is particularly effective for email threat protection through the identification of compromised IPs via specialized mechanisms and monitoring of high volumes of malicious email to determine responsible IPs. Key sources of data include:

• Honeypots - deceptive systems designed to attract and log malicious activity
• Spamtraps - email addresses that should never receive legitimate mail
• Sinkholes - network resources configured to capture traffic intended for malicious or defunct systems
• SMTP Transaction Feeds - real-time and batch data collected from mail server interactions
• Policy Blocklist Scanners & Welcomelists - tools that actively validate server behavior against policy expectations
• Partners, ISPs, and Customer Contributions - data provided directly from trusted partners, ISPs, and customers

While many threat intelligence providers begin from network traffic or endpoint telemetry, Abusix Guardian Intel focuses on email protection. This gives Guardian Intel early visibility into phishing campaigns, spam runs, botnet proliferation, and malware distribution infrastructure, often before it hits broader discovery. For more information, check out the Guardian Intel documentation.

Activating the Abusix Feed in ThreatStream

Activating the Abusix feed in ThreatStream allows CTI teams to correlate Guardian Intel with other active intelligence sources in ThreatStream. Anomali provides additional context about the severity/confidence of potential threats, deduplicates any indicators of compromise (IoCs) that are present in other active intelligence feeds, and can seamlessly distribute this intelligence to other security tools.

Activating the feed in ThreatStream requires an active subscription for Abusix Guardian Intel, though a free trial is available and can be requested via the ThreatStream APP Store. To enable the feed, users must click on the “Abusix Threat Intelligence” tile within the ThreatStream APP Store and submit their credentials provided by Abusix.

Get Started with Anomali ThreatStream

If you’d like to see how Anomali ThreatStream can help to contextualize, enrich, deduplicate, and distribute Abusix's Guardian Intel along with 200+ other intelligence feeds available in the ThreatStream APP Store, request a demo today.

‍