BLOG

Category: ThreatStream

Cyber Threat Intelligence Threat Intelligence Platform ThreatStream

Making a Case for Internal Threat Intelligence

Very often when I demonstrate our Threat Intelligence Platform (TIP), ThreatStream, and show the breadth of open source threat intelligence we collect and curate, organizations struggle to understand that: a. We do not have a record of every indicator that’s bad or malicious b. The definition...


Cyber Threat Intelligence Threat Intelligence Platform ThreatStream

Seven Characteristics of a Successful Threat Intelligence Program

For every enterprise Threat Intelligence Program, there is a fine line between success, neglect, and failure. But what defines the success of a Threat Intelligence Program? The definitions of that success can vary greatly depending on the nature of the organization. Given the varying sizes, technologies, and skill levels of...


Cyber Threat Intelligence STAXX Threat Intelligence Platform ThreatStream

Making Sense of a “Threat Intelligence Platform”

Recently while minding my business at a trade show, a passerby turned his head towards my booth, scanned the Anomali banner behind me proclaiming our status as a Threat Intelligence Platform, and blurted out “You’ve got too many buzzwords!”.  As my self-righteous accoster scurried along...


Cyber Threat Intelligence Threat Intelligence Platform ThreatStream

Anomali at RSA Conference 2018

It’s the last day of RSA Conference 2018, and what a week it’s been! We made a few announcements.... We’re collaborating with Microsoft Intelligent Security Graph (ISG) to bring new security insights into threat data for joint customers. The integration pairs threat intelligence from Anomali...


ThreatStream

Introducing the Newly Certified ThreatStream QRadar App

Here at Anomali we have over 30 out-of-the-box integrations, from SIEMs to endpoints and everything in between. Our QRadar integration is one of our most popular. The QRadar app and Content Pack available to ThreatStream customers provide security analysts visibility into threats within their network by matching and enriching...


Cyber Threat Intelligence Malware Research ThreatStream

A Timeline of APT28 Activity

APT28 (aka Fancy Bear, aka Pawn Storm, aka Sednit, aka Sofacy, aka Group 74, aka Strontium, aka Threat Group-4127) finds its way into the news with some regularity. Most recently the group claimed to have released documents from the International Luge Federation. APT28 is probably best known...


Cyber Threat Intelligence SIEM Splunk Threat Intelligence Platform ThreatStream

Heads Up! A Phishing Attack Early Warning System

You're probably familiar with Anomali's Threat Bulletins. If not, go and have a read of our most recent one covering "TODO." Threat Bulletins provide information about an event to derive information detailing the tactics, techniques, and procedures used by the attacker. This helps you to...


Anomali Enterprise Cyber Threat Intelligence SIEM Splunk Threat Intelligence Platform ThreatStream

Generating Your Own Threat Intelligence Feeds in ThreatStream

Getting threat intelligence into your existing security products - SIEMs, endpoints, network tools - can significantly enhance their effectiveness and longevity. Here at Anomali we understand the value of product integrations, so much so that my entire job is to manage the 30+ we currently offer. Recently we launched...


Anomali Enterprise Cyber Threat Intelligence Malware SIEM ThreatStream

What I’ve Learned as a Part-Time Cyber Threat Analyst Using Anomali Enterprise

A few months ago I wrote a post detailing how Anomali Enterprise helped me to identify a malware threat to my home network. Many have since emailed me asking how they can do the same (please keep them coming!). Since writing that post, my router has generated millions of logs...


Cyber Threat Intelligence SIEM Splunk ThreatStream

ThreatStream Matches As Notable Events in Splunk? Here’s How…

In a previous post I showed how the Anomali ThreatStream Splunk app can integrate with Splunk's own Enterprise Security app to provide analysts with familiar and powerful investigation workflows. Since the post was published I've received a number of emails from the Anomali community asking;...


Cyber Threat Intelligence Splunk Threat Intelligence Platform ThreatStream

Automate Your Workflows With Threat Intelligence Alerts in Slack

Recently, I was speaking to a friend who is using the popular messaging app, Slack, to help run the Security Operations Centre (SOC) at his organisation. Not only have they set up alerts that feed from their security tools into Slack, but the analysts can run queries against these tools,...


Malware ThreatStream

Halt the Sidecar Bear’s infrastructure with Intel 471 and Anomali ThreatStream

By Mark Arena, Intel 471 and Travis Farral, Anomali

We’ve all seen the research into Fancy Bear (aka APT28, Sofacy etc) which is likely a group sponsored by or a part of the Russian government. They even have their own website. Research into these groups is predominantly reactive. Typical...


Cyber Threat Intelligence SIEM Splunk ThreatStream

Proactively monitor your network against attacks using our FREE Threat Intelligence in Splunk

A few weeks ago I showed how to use the Anomali ThreatStream Splunk App to hunt known actors that had been observed trying to access your environment, and in some cases where they were already inside. For those who are not yet ThreatStream customers, do not fear. Our...


Cyber Threat Intelligence SIEM Splunk Threat Intelligence Platform ThreatStream

Malicious Actors Inside Your Network? Here’s How To Find Them.

As an analyst, context is key. With hundreds, often thousands, of security incidents raised by modern SIEM products it can make the process of triaging the most serious of them incredibly difficult. Adding context to events that form a security incident can help investigations by reducing both time and effort....


Anomali Enterprise ThreatStream

Anomali Opens New Office in Belfast, Ireland

One of the biggest challenges that comes with delivering a popular product is managing the associated growth. Anomali has experienced tremendous growth each year since its founding in 2013. As Anomali continues to grow in Europe, it only makes sense to increase our presence to serve that market. “Anomali has...


Cyber Threat Intelligence Threat Intelligence Platform ThreatStream

Passive DNS Analytic Use Cases in ThreatStream

As mentioned in our previous blogpost on passive DNS (PDNS), ThreatStream recently added passive DNS to its Optic™ Platform.  Passive DNS is a technique for capturing, storing, and indexing DNS queries and responses to enable forensic search, discovery, and analysis over historic DNS records.  It enables analysts...


Cyber Threat Intelligence Threat Intelligence Platform ThreatStream

Introduction to Passive DNS Usage in ThreatStream

As most seasoned security and forensics analysts know, passive DNS (PDNS) is incredibly useful for discovering new relationships between IP addresses and domain names when researching or triaging a new network Indicator of Compromise (IoC).  Passive DNS is a technique for capturing, storing, and indexing DNS queries and responses...


Cyber Threat Intelligence SIEM Threat Intelligence Platform ThreatStream

ThreatStream OPTIC Maltego Integration

ThreatStream LABS is excited to announce the capability for ThreatStream customers to utilize OPTIC's extensive intelligence database from within Paterva's Maltego Data and Link visualization tool using our new Maltego transforms. These transforms allow users to enrich entities and expand on indicators of warning (IOW)...


Threat Intelligence Platform ThreatStream

Buckle Up

Today is a huge day for ThreatStream. Just under two years ago we entered the market with a simple idea: to properly defend your network from cyber threats you have to know who is attacking you. Most companies operate without this knowledge, but ThreatStream is essentially changing this paradigm with...


Cyber Threat Intelligence Threat Intelligence Platform ThreatStream

ThreatStream: A New Approach

Listen to ThreatStream CEO Hugh Njemanze discuss the growth of threat intelligence and how ThreatStream differentiates itself from others in the industry.

