ThreatStream: Threat Intelligence Platform

The most widely adopted Threat Intelligence Platform

Mission Control for Threat Intelligence

ThreatStream speeds detection of threats by uniting your security solutions under one platform and providing tools to operationalize threat intelligence. ThreatStream also automates many of the tasks typically assigned to security professionals, freeing analysts to quickly handle threats.

ThreatStream Threat Intelligence Platform
  • FireEye
  • Flashpoint Partners
  • Intel471
  • Symantec
  • Verisign
  • Webroot
  • Emerging Threats
  • CrowdStrike
  • PhishMe


ThreatStream collects threat intelligence data from hundreds of sources. Users can also trial and purchase third-party premium feeds directly through the Anomali APP Store.

Threat intelligence sources include:

  • STIX/TAXII feeds
  • Open source threat feeds
  • Commercial threat intelligence providers
  • Structured and unstructured intelligence
  • ISAC/ISAO shared threat intelligence


ThreatStream makes it easy to operationalize threat intelligence by:

  • Normalizing feeds into a common taxonomy
  • De-duplicating data across feeds
  • Removing false positives via machine learning algorithms
  • Enriching data with actor, campaign, and TTP information
  • Adding context from WHOIS, passive DNS, and other sources
  • Associating related threat indicators


IOCs can be directly managed within the ThreatStream platform and pushed out to other systems for blocking and monitoring. These integrations include but are not limited to:

  • SIEM
  • Firewall
  • IPS
  • Endpoint
  • API

Check out our Integration Partners

  • Carbon Black
  • Cloudera
  • CrowdStrike
  • LogRhythm
  • Micro Focus
  • Splunk
  • QRadar
  • McAfee
  • OpenDNS
  • Palo Alto Networks
  • RSA Security Analytics
  • Tanium

Enabling SOC Teams and Threat Intelligence Analysts

Anomali ThreatStream provides tools to help analysts and SOC teams respond to threats. The ThreatStream platform includes features such as:

  • Phishing - Extract indicators from suspected emails
  • Sandbox - Detonate malware and extract relevant indicators
  • Brand Monitoring - Detection of brand abuse
  • Threat investigation engine with analyst workflows
  • Threat bulletin creation, management, and collaboration


Trusted Circles within the ThreatStream Platform ensure that users can participate seamlessly in two-way sharing. Company-proprietary information can be kept private to guarantee confidentiality of shared information.

The Value of Threat Intelligence

A Ponemon Study of North American & United Kingdom Companies