Anomali Marketplace
Connect with the Anomali CISO community
Anomali Preferred Partner Store
The only marketplace for threat intelligence, enrichments, and integrations.
Choose from 200+ specialized and open source intelligence offerings to improve your security posture
With the APP Store, you can easily evaluate and purchase threat intelligence streams and investigation enrichment offerings offered by Anomali partners directly in the ThreatStream admin console, as well as customize your included subscriptions to more than 100 open-source threat feeds.
Interested in featuring your intelligence on the Anomali APP Store? Let’s discuss how you can become an Anomali Technology Partner.
Threat Intelligence Feeds
Anomali’s pre-integrated partner ecosystem includes the leading global research vendors offering indicators and insights spanning threat categories you need to secure your business, letting you easily implement your intelligence coverage strategy across a breadth of threat categories in the APP Store, including:
Threat Intelligence Partners
Partners
Accenture DeepSight
Threat Intelligence Feeds
Accenture DeepSight addresses every stage of the attack lifecycle with industry-leading threat intelligence, advanced monitoring, incident response, and cyber skills development services.
Anomali Premium Digital Risk Protection
Threat Intelligence Feeds
Anomali Premium Digital Risk Protection provides a feed of threat models and observables focused on digital threats to your organization and assets. Includes compromised credentials, domain registrations, suspicious apps, and more. With a dashboard and insights from the Anomali Threat Research team.
Bfore.Ai
Threat Intelligence Feeds
Bfore.Ai is a leader in predictive security solutions helping organizations prevent intrusions and data exfiltration by predicting vectors of future attacks. The information is used in PreCrime™ - predictive cyber threat intelligence that enhances existing security solutions (firewalls, DNS resolvers, anti-phish filters, proxies, etc.) with foresight. Bfore.Ai’s patented AI technology combined with hyperscale observation infrastructure and modern APIs augment customers' security postures with predictions.
Blueliv
Threat Intelligence Feeds
Blueliv is a leading provider of targeted cyber threat information and analysis intelligence for large enterprises and service providers. Our deep expertise, global high-quality data sources, and proprietary big-data analysis capabilities enable our clients to successfully prevent targeted cyber attacks and strategically minimize future threats. The Blueliv cyber threat platform and feed address a comprehensive range of cyber threats to turn global threat data into predictive, actionable intelligence specifically for each enterprise and the unique threats it faces. Our powerful search and big-data analytics capabilities deliver real-time actionable information and adaptive response to our clients and partners.
CSIS Security Group
Threat Intelligence Feeds
We're an independent cyber security services company with a single focus - detecting and mitigating threats to protect our customers’ assets, brands and users. We create value by sharing our threat intelligence expertise, and help protect some of the world's largest commercial enterprises. Trusted by law enforcement agencies, government, business and news media, we are more than 60 cyber security professionals from over 20 countries.
Cicso AMP Threat Grid
Threat Intelligence Feeds
Cisco® Threat Grid combines two of the leading malware protection solutions: unified malware analysis and context-rich intelligence. It empowers security professionals to proactively defend against and quickly recover from cyber attacks. Cisco Threat Grid crowd-sources malware from a closed community and analyzes all samples using proprietary, highly secure techniques that include static and dynamic (sandboxing) analysis. It correlates the results with hundreds of millions of other analyzed malware artifacts to provide a global view of malware attacks, campaigns, and their distribution. Security teams can quickly correlate a single sample of observed activity and characteristics against millions of other samples to fully understand its behaviors in a historical and global context.
Cofense
Threat Intelligence Feeds
Cofense empowers your people to recognize phishing attacks and stop them in minutes, not days. Our end-to-end phishing defense solution combines cutting-edge technology with collective human intelligence to protect your organization from inbox to SOC. Cofense Intelligence is timely, trusted, high-fidelity, and contextual phishing-specific attack intelligence to help fight rapidly evolving threat landscape.
CrowdStrike
Threat Intelligence Feeds
CrowdStrike™ is a leading provider of next-generation endpoint protection, threat intelligence, and services. CrowdStrike Falcon enables customers to prevent damage from targeted attacks, detect and attribute advanced malware and adversary activity in real time, and effortlessly search all endpoints reducing overall incident response time. CrowdStrike customers include some of the largest blue chip companies in the financial services, energy, oil & gas, telecommunications, retail, and technology sectors, along with some of the largest and most sophisticated government agencies worldwide.
Dataminr Pulse
Threat Intelligence Feeds
Dataminr Pulse for Cyber Risk brings the leading AI-powered real-time alerting into Anomali, easily fitting into your workflows and enabling rapid identification and mitigation of emerging threats so you can deliver faster time to detection and response.
Digital Shadows
Threat Intelligence Feeds
Digital Shadows monitors and manages an organization’s digital risk across the widest range of data sources within the visible, deep and dark web to protect the company’s business and reputation. Digital Shadows SearchLight™ service combines the industry’s most comprehensive and scalable data analytics combined with human data security experts to protect an organization from digital risks.
Dragos
Threat Intelligence Feeds
The Dragos ICS asset identification, threat detection and response platform distills decades of real-world experience from an elite team of ICS cybersecurity experts across the U.S. intelligence community and private industrial companies. Dragos’ offerings also include professional services, and Dragos WorldView for regular threat intelligence reports. Dragos is headquartered in the Washington, DC area.
Emerging Threats
Threat Intelligence Feeds
Proofpoint ET Intelligence delivers the most timely and accurate threat intelligence. Their fully verified intel provides deeper context and integrates seamlessly with your security tools to enhance your decision-making.
Facebook ThreatExchange
Threat Intelligence Feeds
Most threat intelligence solutions suffer because the data is too hard to standardize and verify. Facebook created the ThreatExchange platform so that participating organizations can share threat data using a convenient, structured, and easy-to-use API that provides privacy controls to enable sharing with only desired groups.
Farsight Security
Threat Intelligence Feeds
Farsight Security provides rapid threat detection and response to rapidly identify and react to incursions of your internet presence and brand. Real-time contextual information increases the value of threat data for the enterprise, government and security industries. Farsight provides the world’s most security conscious organizations with threat intelligence and incident threat detection, protecting users and their infrastructure.
Flashpoint
Threat Intelligence Feeds
Flashpoint strives to empower their customers to make better decisions in support of their customers' business or mission by gathering the most salient data publicly available on the internet and providing meaningful, timely, relevant, and actionable insights through a fusion of technology and subject matter expertise. Their ultimate goal is to make the world a safer place by empowering people and organizations everywhere to detect, understand, and mitigate the risks that matter to them the most.
Fox-IT
Threat Intelligence Feeds
Fox-IT prevents, solves, and mitigates the most serious cyber threats with innovative solutions for government, defense, law enforcement, critical infrastructure, banking, and commercial enterprise clients worldwide. Our approach combines human intelligence and technology into innovative solutions that ensure a more secure society. We develop custom and packaged solutions that maintain the security of sensitive government systems, protect industrial control networks, defend online banking systems, and secure highly confidential data and networks.
Gatewatcher
Threat Intelligence Feeds
LastInfoSec, Gatewatcher’s Cyber Threat Intelligence (CTI) offering, optimizes your existing resources and helps you to see further. Compatible with all cybersecurity solutions, it immediately improves your detection by enriching it with contextual information on internal and external cyber threats specifically targeting your business.
Georgia Tech Research Institute (GTRI)
Threat Intelligence Feeds
The Georgia Tech Research Institute is a highly-regarded applied research and development organization. Each day, GTRI’s science and engineering expertise is used to solve some of the toughest problems facing government and industry across the nation and around the globe. GTRI redefines innovation by tackling customers’ most complex challenges with the right mix of expertise, creativity and practicality. Our expert scientists and engineers turn ideas into workable solutions and then put those solutions into action. GTRI has 76 active US Letters Patents, 43 pending US patent applications and 15 pending provisional applications in the United States.
Greynoise Intelligence
Threat Intelligence Feeds
Turning internet noise into intelligence. Trusted by global enterprises and thousands of users to drive security team efficiency, eliminate false positives and focus on real threats.
Group-IB
Threat Intelligence Feeds
Group-IB is one of the global leaders in preventing and investigating high-tech crimes and online fraud. Since 2003, the company has been active in the field of computer forensics and information security, protecting the largest international companies against financial losses and reputation risks.
ISight Partners
Threat Intelligence Feeds
FireEye iSIGHT Threat Intelligence is a proactive, forward-looking means of qualifying threats poised to disrupt your business based on the intents, tools and tactics of the attacker. Our high-fidelity, comprehensive intelligence delivers visibility beyond the typical attack lifecycle, adding context and priority to global threats before, during and after an attack. It helps mitigate risk, bolster incident response, and enhance your overall security ecosystem. Get the intel you need to predict attack and refocus your attention on what matters most to your business.
Intel 471
Threat Intelligence Feeds
Intel 471 provides an actor-centric intelligence collection capability for the world's leading cyber threat intelligence teams. Their intelligence collection focuses on infiltrating and maintaining access to closed sources where threat actors collaborate, communicate and plan cyber attacks.
Kaspersky
Threat Intelligence Feeds
Most Tested. Most Awarded. For over 20 years, we’ve been recognized as experts in the fight against malware and cybercrime. In 2017, Kaspersky products participated in 86 independents tests & reviews – and were awarded 72 first places and 78 top-three finishes.
Malware Patrol
Threat Intelligence Feeds
Malware Patrol provides real-time threat intelligence that protects companies in over 175 countries against the latest cyber threats, including phishing, malware, ransomware, data exfiltration, and brand infringement. Security teams rely on our dependable and historically rich data to expand their threat landscape visibility, resulting in improved detection rates and response times.
Mandiant
Threat Intelligence Feeds
Since 2004, Mandiant® has been a trusted partner to security-conscious organizations. Effective security is based on the right combination of expertise, intelligence, and adaptive technology, and the Mandiant Advantage SaaS platform scales decades of frontline experience and industry-leading threat intelligence to deliver a range of dynamic cyber defense solutions. Mandiant’s approach helps organizations develop more effective and efficient cyber security programs and instills confidence in their readiness to defend against and respond to cyber threats.
PolySwarm
Threat Intelligence Feeds
PolySwarm’s hot ransomware feed is a real-time stream of new and emergent malware with a focus on new Ransomware Families, 30% of which are not yet in competing feeds. Each file is given an individual threat score (PolyScore) along with detailed tagging and metadata, allowing organizations to automate the distribution, prioritization, and handling of threats.
Proofpoint
Threat Intelligence Feeds
Proofpoint is a next-generation cybersecurity company protecting people, data, and brands from advanced threats and compliance risks based on its global intelligence platform that spans email, social and mobile. Proofpoint Emerging Threats (ET) intelligence for IPs and malicious domains and its Targeted Attack Protection intelligence feed for advanced email threats are available in the ThreatStream APP Store and are based on behavior observed directly by Proofpoint ET Labs.
Q6 Cyber
Threat Intelligence Feeds
Q6 Cyber monitors the Digital Underground - a vast universe of online sites, marketplaces, communities, and forums where hackers, fraudsters, and cyber criminals operate and interact. Our 24x7 coverage includes not only the DarkWeb and DeepWeb, but also malware networks, botnets, private messaging platforms and other cybercrime infrastructure. Q6 delivers exceptional ROI to enterprise customers around the world through significant reduction of fraud losses, data breaches, and electronic crimes including Customer Account Takeovers and Payment Card Fraud. Our e-Crime Intelligence helps to transform your information security and fraud operations from reactive to proactive.
Red Sky Alliance
Threat Intelligence Feeds
Red Sky Alliance provides targeted cyber threat intelligence in the forms of services, feeds and reporting. Founded in 2011, Red Sky Alliance has tracked and analyzed malware, ransomware and cyber threat actor groups. Services such as their RedXray cyber threat notification service can provide daily cyber threat intelligence without installing software, hardware or require a network connection. Prices for this service begin at US$ 500.00 per month.
ReversingLabs
Threat Intelligence Feeds
ReversingLabs provides the industry’s first modular, high volume file classification solution, that scales to assess million of files from various sources including endpoints, network and storage.
SEKOIA.IO
Threat Intelligence Feeds
SEKOIA.IO CTI is a mix of exclusive SEKOIA.IO threat intelligence data coming from C2 trackers, VT trackers, honeypots and refined OSINT data. The threat intelligence provided by SEKOIA.IO is easily actionable within Anomali ThreatStream as it's highly structured in STIX 2.1, fully contextualized and built for detection purposes. SEKOIA.IO CTI subscription includes an API and a web portal access.
SecneurX
Threat Intelligence Feeds
SecneurX’s mission is to help solve the security industry’s malware issues through network communications analysis. SecneurX leverages AI and Machine learning to automate the analysis of communications data and arrive at information, solutions, and products to identify and combat malware, including mobile malware threats, threats targeting IoT/OT infrastructure, and threats targeting organizations providing critical infrastructure.
Silobreaker
Threat Intelligence Feeds
Silobreaker helps security, business and intelligence professionals make sense of the overwhelming amount of data available on the web. By discovering insights that are buried deep inside the data, we help you uncover the information that is most valuable to you. Our products are designed to support your workflow, from collecting and analysing data to disseminating your findings across your organisation.
Sixgill
Threat Intelligence Feeds
Sixgill’s cyber threat intelligence solution focuses on your intelligence needs, helping you mitigate risk to your organization, more effectively and more efficiently. Using an agile and automatic collection methodology, Sixgill provides you with broad coverage of exclusive-access deep and dark web sources as well as relevant surface web sources. Utilizing artificial intelligence and machine learning, Sixgill automates the production cycle of cyber intelligence from monitoring, to extraction to production, uniquely focusing on relevant threats operating in these sources. A market leader in deep and dark web cyber threat intelligence, Sixgill provides threat intelligence solutions to enterprises around the world including Fortune 500 companies, financial institutions, and law enforcement agencies, addressing a wide range of cybersecurity challenges.
Team Cymru – BARS Feed
Threat Intelligence Feeds
Our Botnet Analysis & Reporting Service (BARS) provides in-depth analysis, tracking, and history of 40+ malware families that utilize unique control protocols and possibly encryption mechanisms.
Team Cymru – Controller Feed
Threat Intelligence Feeds
Near-real-time identification of botnet command and control (C&C) IP addresses (IRC, http, and P2P) built for DDoS, warez, and underground economy to include bot types, passwords, channels, and our insight.
Team Cymru – Reputation Feed
Threat Intelligence Feeds
Near-real-time feed to allow subscribers to monitor for infected computers visiting their networks to identify compromised hosts as they access their networks, thus enabling them to monitor or block these infected hosts before they can cause any damage.
TeamT5
Threat Intelligence Feeds
TeamT5 is a group of hackers dedicated to cyber threat research. The team started out with outstanding research ability and has been delivering cyber threat intelligence (CTI) for more than 5 years. Compared with other CTI vendors, TeamT5 has the deepest and best understanding of cyber attackers in the Asia Pacific region. With leading intelligence and knowledge of cyber-attacks, TeamT5 developed unique technologies and methodology to help clients deal with targeted attacks. The solutions have been verified and have helped numerous victims to solve their problems.
The Media Trust
Threat Intelligence Feeds
The Media Trust works with the world's largest, most-heavily trafficked digital properties—websites and mobile apps—to provide real-time security, first-party data protection and privacy, performance management and quality assurance solutions that help protect, monetize and optimize the user experience across desktop, smartphone, tablet and gaming devices.
ThreatFabric
Threat Intelligence Feeds
Take advantage of ThreatFabric’s expertise on Mobile Threat Intelligence. The MTI feed allows banks to track mobile banking malware campaigns targeting their banking apps and to import information reports on malware families, their capabilities, and their evolution.
ZeroFOX
Threat Intelligence Feeds
The ZeroFOX for Anomali app extends social media and digital visibility across the cyber threat landscape into the Anomali Threat Platform to provide early warning into digital attacks on your business, executives and assets.
iDefene
Threat Intelligence Feeds
iDefense empowers its customers’ environments with contextual, timely and actionable security intelligence, enabling businesses and governments to make smarter decisions to defend against new and evolving threats.
