The most widely adopted Threat Intelligence Platform

Mission Control for Threat Intelligence

Anomali ThreatStream combines threat data from feeds and other sources with data from inside the network to surface relevant threats to an organization.

By mapping Indicators of Compromise (IOCs) to a strategic threat model, analysts using the ThreatStream platform can quickly identify, investigate and react to security threats.

Feed Aggregation

Anomali brings together all your threat intelligence data, turning it into useful, highly actionable information. With ThreatStream, organizations have a powerful platform to manage millions of IOCs.

  • Aggregate feeds across multiple sources
  • Normalize feed data (make data more usable)
  • Enrich IOCs with security context (actors, campaigns, TTPs)

Anomali also offers an APP Store where users can access, trial and purchase third-party threat intelligence feeds.

ThreatStream Integrations

ThreatStream integrates with many common security and IT products, allowing businesses to quickly start finding threats lurking on the internal network by taking advantage of tools they already own.

  • Manage IOCs and identify specific indicators to push to internal systems for blocking or monitoring
  • Integrate with internal IT/security systems such as SIEM, firewall and endpoint products
  • ThreatStream APIs allow you to integrate with other systems as well

Check out our Integration Partners

  • ArcSight
  • Carbon Black
  • Cloudera
  • CrowdStrike
  • LogRhythm
  • Splunk
  • QRadar
  • NitroSecurity
  • OpenDNS
  • Palo Alto Networks
  • RSA Security Analytics
  • Tanium

Threat Investigation

Once suspicious IOC activity is detected within your network, it’s critical to understand the nature and scope of the threat. Anomali puts all the context at your fingertips.

Clicking an IOC match takes you to the ThreatStream investigation portal where you can determine:

  • Actors and Campaigns associated with the IOC
  • Details of the threat (origin, threat type, TTPs, etc.)
  • Other IOCs associated with the initial match

Anomali supports multiple threat models, including Kill Chain, Diamond Model and STIX/TAXII.

Brand Monitoring

A corporate brand is just as much of a target as company data. ThreatStream provides users with the tools to monitor for two common tactics: typosquatted domains and compromised credentials.

  • Identify and research malicious domains
  • Automatically scan the Dark Web for mentions of corporate domains
  • Alert customers of corporate keywords found in the Dark Web

Compromised Credentials

  • Monitor the Dark Web for sharing of user IDs and passwords
  • Alert customers of compromised credentials containing their domain
  • Automatically collect exposed credentials

Secure Intelligence Sharing

Anomali believes in the power of the community as a force multiplier in the defense against cyber threats. To that end, ThreatStream offers secure collaboration capabilities to allow cybersecurity analysts and organizations to share intelligence seamlessly.

  • Trusted Circles: ThreatStream offers simple creation of public and private communities for secure sharing.
  • 2-way Collaboration: ThreatStream allows users to easily contribute intelligence to their communities. Company-proprietary information can easily be extracted or masked to ensure the confidentiality of shared information.
