Anomali Marketplace

Connect with the Anomali CISO community

Anomali Preferred Partner Store

The only marketplace for threat intelligence, enrichments, and integrations.

Overview
Threat Intelligence Feeds
Threat Analysis Tools
Security System Partners

Turnkey integrations with your existing security infrastructure

Anomali ThreatStream aggregates threat intelligence under one platform, providing an integrated set of tools to support fast, efficient investigations, and delivering "operationalized" threat intelligence into security controls at machine speed.

Interested in leveraging threat intelligence in your security solution? Become an Anomali Technology Partner and let's solve customer problems together!

get started

SIEM Integrations

Add high-fidelity threat intelligence to event data in your SIEM so your SOC analysts can focus on the real threats rather than false positives. Anomali continuously gathers and risk-ranks threat intelligence (for severity and confidence) and delivers enriched, prioritized IoCs with threat context and relevance to your SIEM for monitoring and detection of security threats in your enterprise infrastructure.

Anomali's security operations ecosystem includes turnkey integrations with the leading SIEM and data lake solutions, including:

SOAR Integrations

SOAR tools give your SOC team the ability to automate and orchestrate the security incident response lifecycle. Anomali's threat intelligence and detection products tightly integrate with the industry's leading SOAR solutions, providing the triggers to initiate incident response and remediation, as well as to help incident response teams enrich, investigate and prioritize incidents with contextualized threat intelligence.

Integrated Anomali SOAR partners include:

Firewalls and Network Security Integrations

Firewalls and network security solutions – often regarded as the key to preventing malicious threats from penetrating your network – are tightly integrated with the Anomali ThreatStream platform. ThreatStream automatically delivers the high-fidelity threat intelligence of your choice to your network perimeter and security products to actively protect your users and assets and to minimize false positives.

Anomali network security solution partners with ready-to-deploy integrations include:

Endpoint Security Integrations

Focus on meaningful threats by combining real-time threat intelligence with event data in your endpoint detection and response deployment, allowing your security team to defend proactively and respond faster. In addition to the automated delivery of enriched and risk-ranked indicators to your protection services, integrated External Lookup gives your analysts needed information about alerts at their fingertips, taking them to Anomali ThreatStream intelligence details pages. From here, analysts are provided with all available context – and should an indicator be attributed to a specific actor group or campaign, ThreatStream will provide related observables and threat models which you need to be aware of to efficiently thwart attacks.

Anomali endpoint security solution partners with off-the-shelf integrations include:

Risk & Vulnerability Management Integrations

Integrate Anomali with your risk and vulnerability management platform to understand the health of your corporate assets and how adversaries might impact your business. Our integrations can help you understand how gaps in your security could be leveraged by an adversary to gain access to key assets, and focus your corrective actions before a breach event can take place. Automated, real-time delivery of critical, contextualized intelligence on the most relevant threat actors and their TTPs allows you to identify related control gaps or misconfigurations, then refine your security stack to reduce risk and increase assurance.

Anomali risk and vulnerability management solution partners with off-the-shelf integrations including:

Partners
Bandura
The Bandura platform is a purpose-built solution that, along with out-of-box threat intelligence, integrates with the Anomali Threat Platform to aggregate, automate, and operationalize massive amounts of threat intelligence. The platform blocks known threats and unwanted traffic, enabling organizations to strengthen their network defenses, reduce staff workload, and maximize the value of existing security controls.
DatasheetWebsite
Broadcom ProxySG
Symantec delivers high-performance on-premises secure web gateway appliances that protect organizations across the web, social media, applications, and mobile networks. Combine with cloud-delivered Web Security Service for a centrally-managed, hybrid secure web solution.
DatasheetWebsite
Carbon Black
Carbon Black leads a new era of endpoint security by enabling organizations to disrupt advanced attacks, deploy the best prevention strategies for their business, and leverage the expertise of 10,000 professionals from IR firms, MSSPs and enterprises to shift the balance of power back to security teams. Only Carbon Black continuously records and centrally retains all endpoint activity, making it easy to track an attacker’s every action, instantly scope every incident, unravel entire attacks and determine root causes. Carbon Black also offers a range of prevention options so organizations can match their endpoint defense to their business needs. Carbon Black has been named #1 in endpoint protection, incident response, and market share. Forward-thinking companies choose Carbon Black to arm their endpoints, enabling security teams to: Disrupt. Defend. Unite.
DatasheetWebsite
Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd. is a leading provider of cyber security solutions to governments and corporate enterprises globally. Its solutions protect customers from cyber-attacks with an industry leading catch rate of malware, ransomware and other types of attacks. Check Point offers a multilevel security architecture that defends enterprises’ cloud, network and mobile device held information, plus the most comprehensive and intuitive one point of control security management system. Check Point protects over 100,000 organizations of all sizes.
DatasheetWebsite
Cisco ASA
Beat sophisticated cyber attacks with a superior security appliance. We offer the industry’s first threat-focused next-generation firewall (NGFW), the ASA 5500-X Series.
DatasheetWebsite
Cloudera
Cloudera delivers the modern platform for machine learning and advanced analytics built for the cloud. The world’s leading organizations trust Cloudera to help solve their most challenging business problems by efficiently capturing, storing, processing and analyzing vast amounts of data.
DatasheetWebsite
CrowdStrike
CrowdStrike™ is a leading provider of next-generation endpoint protection, threat intelligence, and services. CrowdStrike Falcon enables customers to prevent damage from targeted attacks, detect and attribute advanced malware and adversary activity in real time, and effortlessly search all endpoints reducing overall incident response time. CrowdStrike customers include some of the largest blue chip companies in the financial services, energy, oil & gas, telecommunications, retail, and technology sectors, along with some of the largest and most sophisticated government agencies worldwide.
DatasheetWebsite
Elasticsearch
From startups to the global 2000, Elastic powers search solutions for thousands of companies worldwide to find documents, monitor infrastructure, protect against security threats, and more.
DatasheetWebsite
FireEye
FireEye is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and our world-renowned Mandiant consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks.
DatasheetWebsite
Forcepoint
The Forcepoint Platform delivers comprehensive coverage over the cloud. It’s SaaS protection that keeps users and data safe across your entire enterprise.
DatasheetWebsite
FortiSOAR
FortiSOAR™ is a holistic and enterprise-built security orchestration and security automation workbench that empowers security operation teams. FortiSOAR™ increases a team’s effectiveness by increasing efficiency, allowing for response in near real-time.
DatasheetWebsite
IBM Qradar
IBM® QRadar® SIEM consolidates log events and network flow data from thousands of devices, endpoints and applications distributed throughout a network. It normalizes and correlates raw data to identify security offenses, and uses an advanced Sense Analytics engine to baseline normal behavior, detect anomalies, uncover advanced threats, and remove false positives. As an option, this software incorporates IBM X-Force® Threat Intelligence which supplies a list of potentially malicious IP addresses including malware hosts, spam sources and other threats. IBM QRadar SIEM can also correlate system vulnerabilities with event and network data, helping to prioritize security incidents.
DatasheetWebsite
IBM Resilient
IBM Resilient’s mission is to help organizations thrive in the face of any cyberattack or business crisis. The industry’s leading Incident Response Platform (IRP) empowers security teams to analyze, respond to, and mitigate incidents faster, more intelligently, and more efficiently. The Resilient IRP is the industry’s only complete IR orchestration and automation platform, enabling teams to integrate and align people, processes, and technologies into a single incident response hub. With Resilient, security teams can have best-in-class response capabilities. IBM Resilient has more than 200 global customers, including 50 of the Fortune 500, and hundreds of partners globally.
DatasheetWebsite
Infoblox
Infoblox delivers Actionable Network Intelligence to enterprise, government, and service provider customers around the world. We are the industry leader in DNS, DHCP, and IP address management, the category known as DDI. We empower thousands of organizations to control and secure their networks from the core—enabling them to increase efficiency and visibility, improve customer service, and meet compliance requirements.
DatasheetWebsite
LogRhythm
LogRhythm, a leader in Threat Lifecycle Management, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyberthreats. The company’s patented award-winning platform unifies next-generation SIEM, log management, network and endpoint monitoring, user entity and behavior analytics (UEBA), security automation and orchestration (SAO) and advanced security analytics. In addition to protecting customers from the risks associated with cyberthreats, LogRhythm provides compliance automation and assurance, and enhanced IT intelligence.
DatasheetWebsite
LogicHub
The LogicHub SOAR+ platform delivers autonomous detection and response, advanced analytics, and machine learning to automate decision making with extreme accuracy.
DatasheetWebsite
McAfee ESM
McAfee Enterprise Security Manager is a security information and event management (SIEM) solution that delivers actionable intelligence and integrations to prioritize, investigate, and respond to threats.
DatasheetWebsite
Micro Focus
Micro Focus is a global software company with 40 years of experience in delivering and supporting enterprise software solutions that help customers innovate faster with lower risk. Our portfolio enables our 20,000 customers to build, operate and secure the applications and IT systems that meet the challenges of change. We are a global software company, committed to enabling customers to both embrace the latest technologies and maximize the value of their IT investments. Everything we do is based on a simple idea: the fastest way to get results from new technology investments is to build on what you have–in essence, bridging the old and the new.
DatasheetWebsite
Microsoft Azure Sentinel
Microsoft Azure Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution. Azure Sentinel allows Security Operation Center (SOC) analysts to detect actionable threats in their security posture and take actions on them. Azure Sentinel integrates with Anomali to offer first class threat intelligence in the product. You can import threat intelligence from Anomali LIMO servers using the Azure Sentinel TAXII data connector and also from Anomali ThreatStream using the Threat Intelligence Platforms data connector. Once the threat intelligence from Anomali is brought into Azure Sentinel, it can be used for threat analysis, detection, investigation and hunting.
DatasheetWebsite
Palo Alto Networks
Palo Alto Networks is the next-generation security company maintaining trust in the digital age by helping tens of thousands of organizations worldwide prevent cyber breaches. With our deep cybersecurity expertise, commitment to innovation, and game-changing Next-Generation Security Platform, customers can confidently pursue a digital-first strategy and embark on new technology initiatives, such as cloud and mobility. This kind of thinking and know-how helps customer organizations grow their business and empower employees all while maintaining complete visibility and the control needed to protect their critical control systems and most valued data assets.
DatasheetWebsite
Qualys VM

This enrichment integrates vulnerability assessment data and queries vulnerable hosts from Qualys VM, allowing for risk prioritization that is based on real-world activity.

DatasheetWebsite
RSA NetWitness
RSA® Business-Driven Security™ solutions uniquely link business context with security incidents to help organizations manage risk and protect what matters most. RSA solutions are designed to effectively detect and respond to advanced attacks; manage user identities and access; and reduce business risk, fraud and cybercrime. RSA protects millions of users worldwide and works with more than 90 percent of the Fortune 500.
DatasheetWebsite
Rapid7
In these rapidly changing times, you shouldn’t have to worry about your security program. Rapid7 is here to help you reduce risk across your entire connected environment so your company can focus on what matters most. Whether you need to easily manage vulnerabilities, monitor for malicious behavior, investigate and shut down attacks, or automate your operations — we have solutions and guidance for you.
DatasheetWebsite
ServiceNow

The Anomali and ServiceNow integration leverages a bi-directional workflow that works hand-in-hand to consolidate incident intelligence and remediation processes. Anomali ThreatStream and ServiceNow Security Operations work together to accelerate investigation and remediation of security incidents.This is accomplished by associating intelligence about indicators of compromise in ServiceNow security incidents with context from AnomaliThreatStream, including threat score, confidence level, source, and severity.

DatasheetWebsite
Siemplify
From case creation, through investigation to remediation – Siemplify provides the intuitive, cloud-native workbench security operations teams have been craving to effectively respond at scale.
DatasheetWebsite
Splunk

The Anomali ThreatStream App for Splunk empowers Splunk users to leverage threat intelligence to detect, prioritize, and response to security incidents. It provides Splunk users with threat data collected and curated from industry leading threat intelligence platform ThreatStream to correlate with your log data in Splunk, detect malicious activities in incoming and outgoing traffic, alert security teams, and provide you with detailed contextual information from a variety of threat sources (open source, commercial, Anomali Labs, customer internal, etc.).

DatasheetWebsite
Sumo Logic
More than 2,100 enterprises around the world rely on Sumo Logic platform to monitor, troubleshoot and secure their applications at cloud-scale. The Sumo Logic platform helps you make data-driven decisions and reduce the time to investigate security and operational issues so you can free up resources for more important activities.
DatasheetWebsite
Tanium
Tanium gives the world’s largest enterprises and government organizations the unique power to secure, control and manage millions of endpoints across the enterprise within seconds. Serving as the “central nervous system” for enterprises, Tanium empowers security and IT operations teams to ask questions about the state of every endpoint across the enterprise in plain English, retrieve data on their current state and execute change as necessary, all within seconds. With the unprecedented speed, scale and simplicity of Tanium, organizations now have complete and accurate information on the state of endpoints at all times to more effectively protect against modern day threats and realize new levels of cost efficiency in IT operations.
DatasheetWebsite
Tenable

Tenable delivers unparalleled coverage and comprehensive insight to enable you to detect vulnerabilities, assess risk, and prioritize remediation for every asset, in every environment.

Anomali ThreatStream has an enrichment integration available for Tenable Security Center -Tenable's on-premise risk and vulnerability management solution. This enrichment allows users to query their Tenable Security Center instance with a vulnerability, and view affected asset details in ThreatStream for further analysis.

DatasheetWebsite
Verodin
Verodin, part of FireEye, is a platform that has made it possible for organizations to validate the effectiveness of cyber security controls, thereby protecting their reputation and economic value. The Verodin Security Instrumentation Platform (SIP) proactively identifies gaps in security effectiveness attributable to equipment misconfiguration, changes in the IT environment, evolving attacker tactics, and more. By measuring and testing security environments against both known and newly discovered threats, Verodin SIP identifies risks in security controls before a breach occurs and permits companies to rapidly adapt their defenses to the evolving threat landscape. Verodin SIP does this by instrumenting an IT environment to test the effectiveness of network, endpoint, email and cloud controls and provides quantifiable evidence that investments made in controls are actually delivering the expected business outcomes.
DatasheetWebsite
Zeek
Zeek is a passive, open-source network traffic analyzer. It is primarily a security monitor that inspects all traffic on a link in depth for signs of suspicious activity. More generally, however, Zeek supports a wide range of traffic analysis tasks even outside of the security domain, including performance measurements and helping with trouble-shooting.
DatasheetWebsite
Zscaler
Zscaler services enable customers to move securely to a modern cloud architecture. The Zscaler cloud connects users to applications, regardless of where users connect or where the applications are hosted, while providing comprehensive security and a fast user experience. Zscaler offers two service suites that eliminate the cost and complexity of gateway appliances. Zscaler Internet Access securely connects users to internet and SaaS applications, scanning every byte of traffic to protect against cyber threats and data leakage. Zscaler Private Access provides fast access to internal applications hosted in the data center or public clouds—without the need for a VPN.
DatasheetWebsite
A man wearing headphones and looking at a computer screen.

Improve your detection and response capabilities

Organizations rely on Anomali to harness the power of threat intelligence to deliver effective extended detection and response (XDR) capabilities.

Schedule Demo