ThreatStream - Threat Intelligence Platform

Anomali ThreatStream
Threat detection, investigation and response

ThreatStream operationalizes threat intelligence and unites all the tools in your security infrastructure, speeding the detection of threats and enabling proactive defense measures.

Mission Control for Threat Intelligence

ThreatStream speeds detection of threats by uniting your security solutions under one platform and providing tools to operationalize threat intelligence. ThreatStream also automates many of the tasks typically assigned to security professionals, freeing analysts to quickly handle threats.


ThreatStream Threat Intelligence Platform


ThreatStream collects threat intelligence data from hundreds of sources. Users can also trial and purchase third-party premium feeds directly through the Anomali APP Store.

Threat intelligence sources include:

  • STIX/TAXII feeds
  • Open source threat feeds
  • Commercial threat intelligence providers
  • Structured and unstructured intelligence
  • ISAC/ISAO shared threat intelligence

Visit the APP Store for more details

  • FireEye
  • Flashpoint Partners
  • Intel471
  • Symantec
  • Verisign
  • Webroot
  • Emerging Threats
  • CrowdStrike
  • PhishMe


ThreatStream makes it easy to operationalize threat intelligence by:

  • Normalizing feeds into a common taxonomy
  • De-duplicating data across feeds
  • Removing false positives via machine learning algorithms
  • Enriching data with actor, campaign, and TTP information
  • Adding context from WHOIS, PassiveDNS, and other sources
  • Associating related threat indicators


IOCs can be directly managed within the ThreatStream platform and pushed out to other systems for blocking and monitoring. These integrations include but are not limited to:

  • SIEM
  • Firewall
  • IPS
  • Endpoint
  • API

Check out our Integration Partners

  • Carbon Black
  • Cloudera
  • CrowdStrike
  • LogRhythm
  • Micro Focus
  • Splunk
  • QRadar
  • McAfee
  • OpenDNS
  • Palo Alto Networks
  • RSA Security Analytics
  • Tanium

Enabling SOC Teams and Threat Intelligence Analysts

Anomali ThreatStream provides tools to help analysts and SOC teams respond to threats. The ThreatStream platform includes features such as:

  • Phishing - Extract indicators from suspected emails
  • Sandbox - Detonate malware and extract relevant indicators
  • Brand Monitoring - Detection of brand abuse
  • Threat investigation engine with analyst workflows
  • Threat bulletin creation, management, and collaboration


Trusted Circles within the ThreatStream Platform ensure that users can participate seamlessly in two-way sharing. Company-proprietary information can be kept private to guarantee confidentiality of shared information.

Trusted Circles

The Value of Threat Intelligence

A Ponemon Study of North American & United Kingdom Companies