Mission Control for Threat Intelligence
Anomali ThreatStream combines threat data from feeds and other sources with data from inside the network to surface relevant threats to an organization.
By mapping Indicators of Compromise (IOCs) with a strategic threat model, analysts using the ThreatStream platform are able to quickly identify, investigate and react to security threats.
Anomali brings together all your threat intelligence data, turning it into useful, highly actionable information. With ThreatStream organizations have a powerful platform to manage millions of IOCs.
- Aggregate feeds across multiple sources
- Normalize feed data (make data more usable)
- Enrich IOCs with security context (actors, campaigns, TTPs)
Anomali also offers an APP Store where users can access, trial and purchase 3rd party threat intelligence feeds.
ThreatStream integrates with many common security and IT products, allowing businesses to quickly start finding threats lurking on the internal network by taking advantage of tools they already own.
- Manage IOCs and identify specific indicators to push to internal systems for blocking and monitoring
- Integrate with internal IT/security systems such as SIEM, FW, endpoint
- ThreatStream APIs allow you to integrate with other systems as well.
Once suspicious IOC activity is detected within your network it’s critical to understand the nature and scope of the threat. Anomali gives you all the context at your fingertips.
Clicking an IOC match takes you to the ThreatStream investigation portal where you can determine:
- Actors and Campaigns associated with the IOC
- Details of the threat (origin, threat type, TTPs, etc.)
- Other IOCs associated with the initial match
Anomali supports multiple threat models, including Kill Chain, Diamond Model and STIX/TAXII.
Secure Intelligence Sharing
Anomali believes in the power of the community as a force multiplier in the defense against cyber threats. To that end, ThreatStream offers secure collaboration capabilities to allow cybersecurity analysts and organizations to share intelligence seamlessly.
- Trusted Circles: ThreatStream offers simple creation of public and private communities for secure sharing.
- 2-way Collaboration: ThreatStream allows users to easily contribute intelligence to their communities. Company-proprietary information can easily be extracted or masked to ensure the confidentiality of shared information.
Partner product name
Accenture Services EC2
Partner product version
Flume, Hadoop, HBase, HDFS, Hive, Hue, Impala, MapReduce, ODBC, Pig, Sqoop, ZooKeeper, YARN, Hive-ODBC, Hive-JDBC, Impala-JDBC, Hadoop Streaming, Datafu, Pig UDFs, PigServer, Hive UDFs, Hive SerDes, Mahout, HCatalog, Accumulo, Search, Spark, Kite, Parquet, Avro, Whirr, Cloudera Manager API, Cloudera Manager CSDs, Cloudera Sentry, Cloudera Parcels, HiveServer2, Oozie, Navigator, JDBC, Kafka, Hive on Spark
Supports Apache Sentry