Anomali Threat Platform Product Brochure



The Anomali Threat Platform is a suite of products that automates detection, prioritization, and analysis of the most serious threats to your organization. With machine learning, automation, and an expansive partner ecosystem, the Anomali Threat Platform empowers your analysts to leverage threat intelligence for better insights and response to cyber attacks.

Platform Benefits:

  • Identify targeted threats to your organization
  • Automate detection and analysis of threats
  • Improve response with insights into threat actors and behaviors
  • Save time and resources by reducing impact of attacks
  • Allow for collaboration between internal and external CTI groups


ThreatStream is the Threat Intelligence Platform built for analysts to create threat intelligence and investigate security incidents. Collect, contextualize, and risk rank complex, high-volume indicators with machine learning to prioritize alerts and guide security strategy.

  • Map threat intelligence to threat models (Actor Profiles, Campaigns, and TTPs)
  • Aggregate OSINT, 3rd party, Labs, and ISAC data
  • Automate workflows for quicker analyst insights
  • Securely share threat intelligence and collaborate with trusted partners
  • Integrate with SIEM, FW, Endpoint, IDS, API and more

Anomali Enterprise™

Anomali Enterprise is a Threat Detection Engine purpose-built to automate and speed time to detection in your environment. Anomali Enterprise correlates twelve months of metadata against active threat intelligence to expose previously unknown threats to your organization.

  • Evaluate exposure to current and historical threats
  • Automatically tie indicator matches to threat models (e.g. CVEs and MITRE ATT&CK)
  • Review assets with known CVEs and associate to Anomali Enterprise rules and alerts
  • Prioritize analysts’ work with high-fidelity alerts
  • Review timeline of incidents and anatomy of attacks


The Anomali SDK Suite brings a new level of customization and capability to your security program. Leverage the Feeds, Enrichments, and Integrations SDKs to unite security solutions and increase collaboration.

  • Feeds—Add new intelligence feeds
  • Enrichments—Develop custom data enrichments
  • Integrator—Create bespoke integrations

Threat Intelligence Sharing

Anomali provides a complete threat sharing platform for ISAC and ISAO partners to power secure sharing and collaboration. Partners leverage ThreatStream to offer their members a branded threat sharing portal with community training, education, and an Anomali Analyst license.

  • Dedicated Trusted Circle in Anomali Threat Platform
  • Admin access to vet and control membership
  • STIX/TAXII server for programmatic access
  • Industry-specific tactical and operational research from Anomali Threat Analysis Center

App Store


Anomali offers pre-built, easy-to-configure integrations with SIEMs, firewalls, endpoint systems, and other security and IT solutions.


Trial, evaluate, and purchase threat intelligence feeds directly within the Anomali platform. Access premium feeds from Anomali partners and common open source feeds.

Professional Services

Workflow Service

  • Tailors tactical-level, operational, and strategic threat intelligence workflows to your organization
  • Improves operational efficiency by aligning process and collaboration to platform functions
  • Refines tasks, processes, and orchestration
  • Provides KPIs to help determine proficiency and maturity of your CTI program

RFI Service

  • Request custom research on specific threats in your environment
  • Malware analysis and triage
  • Context surrounding IOCs and intelligence analysis
  • Actor, TTPs, signatures, etc.

Premium Domain Monitoring Service

  • Track suspicious domain registrations
  • Alerts for newly registered domains
  • Receive Threat Bulletins with domain details
  • Receive associated IOCs for further investigation

Custom Integrations, Feeds, and SDK Support

  • Create custom integrations and feeds
  • Receive support for SDK usage


Weekly Threat Briefing

  • Digest of key security threat news
  • Recommendations for response
  • Every security alert includes specific, associated IOCs
  • Integrates with ThreatStream, Anomali Enterprise, Splunk App


  • Subscribe to any STIX/TAXII feed
  • Preconfigured with Limo, a curated list of intelligence feeds
  • Investigation portal for advanced analysis
  • Installs in minutes; simple configuration wizard
