Anomali Lens - NLP-Driven Extension for Automated Threat Insights
Anomali Lens

Identify key threat intelligence within unstructured data in seconds

Anomali Lens is a powerful extension that quickly operationalizes threat intelligence by automatically scanning digital content to identify relevant threats and streamline researching and reporting on them.

Interactive tour Schedule demo Download Datasheet
Watch Video

Correlate threat intelligence with digital content quickly

Anomali Lens uses Natural Language Processing (NLP) to automatically scan and identify threat data in any web-based content, Office 365 (Outlook, Word, Excel) and PDFs – and operationalizes it into actionable intelligence for containing and resolving threats as they arise.

The automation of threat intelligence research and enrichment resulted in less time spent trying to figure the situation out, a lower risk of having to repeat tasks, and less troubleshooting due to human error.
ESG Economic Validation: Analyzing the Economic Benefits
of the Anomali Threat Intelligence Platform
Download Now
Anomali Lens Trending Threat Models

Relevant and actionable intelligence delivered at scale

Lens provides threat intelligence insights in one click. Lens uses Natural Language Processing (NLP) to automate the identification of threat indicators, threat actors, malware families, and attack techniques from scanning a web page, Office 365 doc, or PDF report.

  • Detect and highlight all cyber threat references found on a scanned doc
  • Quickly determine if threats are “known” to your organization with visual highlights
  • Gain additional context about the highlighted threats with tooltips
  • Organize gathered intelligence with inline actions and context menus

Precision attack detection to automate research and reporting

Security analysts spend too much time researching threats by manually copying, pasting, and pivoting on threat data from sources such as news articles, blogs, threat bulletins, and social media. Lens automatically converts scanned threat data into structured, machine-readable threat intelligence that can be operationalized and imported into Anomali ThreatStream in seconds.

  • Identify at a glance whether scanned threat data is known, unknown, or trending within ThreatStream
  • Launch sandbox detonations
  • Open a new ThreatStream investigation with one click
  • Detect and equate all referenced tactics, techniques, and procedures (TTPs)
Anomali Lens in Microsoft Word
Anomali Lens

Optimized response to quickly determine impact, then investigate and report on it

Lens automatically matches identified threat intelligence against network events and logs to tell at a glance if your organization has been impacted.

  • Import scanned threat data into Anomali Threatstream or Anomali Match with one click
  • Pivot, investigate, and visualize imported threat intelligence in MITRE ATT&CK heatmaps
  • Import MITRE ATT&CK data into a ThreatStream investigation automatically
  • Export your investigation for reporting and collaboration

Key capabilities

  • Unstructured data natural language processing analysis supporting multiple (PDF, HTML, Office 365) form factors
  • Identification and translation of unstructured attack description into MITRE ATT&CK techniques
  • Automatic IoC import into TS Threat Bulletins, Investigations, and Sandbox detonation
  • Customizable dashboards on Lens identified news on trending malware, CVEs, actors, or MITRE attack patterns
  • SOC analyst research to CTI threat investigation workflow
  • Export capabilities for distribution and collaboration of the investigation

Automate threat discovery and research

Organizations rely on Anomali to surface relevant intelligence quickly to inform cross functionally and upper management.