Anomali ThreatStream

Mission Control for Threat Intelligence

Anomali ThreatStream combines threat data from feeds and other sources with data from inside the network to surface relevant threats to an organization.

By mapping Indicators of Compromise (IOCs) with a strategic threat model, analysts using the ThreatStream platform are able to quickly identify, investigate and react to security threats.

Feed Aggregation

Anomali brings together all your threat intelligence data, turning it into useful, highly actionable information. With ThreatStream, organizations have a powerful platform to manage millions of IOCs.

  • Aggregate feeds across multiple sources
  • Normalize feed data (make data more usable)
  • Enrich IOCs with security context (actors, campaigns, TTPs)

Anomali also offers an APP Store where users can access, trial and purchase third-party threat intelligence feeds.

ThreatStream Integrations

ThreatStream integrates with many common security and IT products, allowing businesses to quickly start finding threats lurking on the internal network by taking advantage of tools they already own.

  • Manage IOCs and identify specific indicators to push to internal systems for blocking or monitoring
  • Integrate with internal IT/security systems such as SIEM, firewall and endpoint
  • ThreatStream APIs allow you to integrate with other systems as well.

Threat Investigation

Once suspicious IOC activity is detected within your network, it's critical to understand the nature and scope of the threat. Anomali gives you all the context at your fingertips.

Clicking an IOC match takes you to the ThreatStream investigation portal where you can determine:

  • Actors and Campaigns associated with the IOC
  • Details of the threat (origin, threat type, TTPs, etc.)
  • Other IOCs associated with the initial match

Anomali supports multiple threat models, including Kill Chain, Diamond Model and STIX/TAXII.

Secure Intelligence Sharing

Anomali believes in the power of the community as a force multiplier in the defense against cyber threats. To that end, ThreatStream offers secure collaboration capabilities to allow cybersecurity analysts and organizations to share intelligence seamlessly.

  • Trusted Circles: ThreatStream offers simple creation of public and private communities for secure sharing.
  • 2-way Collaboration: ThreatStream allows users to easily contribute intelligence to their communities. Company-proprietary information can easily be extracted or masked to ensure the confidentiality of shared information.

Technical details

Cloudera versions
CDH5.x

Partner product name
Accenture Services EC2

Partner product version
EC2

Interface components
Flume, Hadoop, HBase, HDFS, Hive, Hue, Impala, MapReduce, ODBC, Pig, Sqoop, ZooKeeper, YARN, Hive-ODBC, Hive-JDBC, Impala-JDBC, Hadoop Streaming, Datafu, Pig UDFs, PigServer, Hive UDFs, Hive SerDes, Mahout, HCatalog, Accumulo, Search, Spark, Kite, Parquet, Avro, Whirr, Cloudera Manager API, Cloudera Manager CSDs, Cloudera Sentry, Cloudera Parcels, HiveServer2, Oozie, Navigator, JDBC, Kafka, Hive on Spark

Supports Kerberos
Yes

Supports Apache Sentry
Yes

Datasheet

Anomali ThreatStream 6.0
