
Threatstream Threat Intelligence Platform

Mission Control for Threat Intelligence

Anomali ThreatStream combines threat data from feeds and other sources with data from inside the network to surface relevant threats to an organization.

By mapping Indicators of Compromise (IOCs) with a strategic threat model, analysts using the ThreatStream platform are able to quickly identify, investigate and react to security threats.

Feed Aggregation

Anomali brings together all your threat intelligence data, turning it into useful, highly actionable information. With ThreatStream, organizations have a powerful platform to manage millions of IOCs.

  • Aggregate feeds across multiple sources
  • Normalize feed data (make data more usable)
  • Enrich IOCs with security context (actors, campaigns, TTPs)

Anomali also offers an APP Store where users can access, trial and purchase third-party threat intelligence feeds.

ThreatStream Integrations

ThreatStream integrates with many common security and IT products, allowing businesses to quickly start finding threats lurking on the internal network by taking advantage of tools they already own.

  • Manage IOCs and identify specific indicators to push to internal systems for blocking and monitoring
  • Integrate with internal IT/security systems such as SIEM, firewall and endpoint products
  • Use the ThreatStream APIs to integrate with other systems as well

Threat Investigation

Once suspicious IOC activity is detected within your network, it's critical to understand the nature and scope of the threat. Anomali puts all the context at your fingertips.

Clicking an IOC match takes you to the ThreatStream investigation portal, where you can determine:

  • Actors and Campaigns associated with the IOC
  • Details of the threat (origin, threat type, TTPs, etc.)
  • Other IOCs associated with the initial match

Anomali supports multiple threat models, including Kill Chain, Diamond Model and STIX/TAXII.

Secure Intelligence Sharing

Anomali believes in the power of the community as a force multiplier in the defense against cyber threats. To that end, ThreatStream offers secure collaboration capabilities that allow cybersecurity analysts and organizations to share intelligence seamlessly.

  • Trusted Circles: ThreatStream offers simple creation of public and private communities for secure sharing.
  • 2-way Collaboration: ThreatStream allows users to easily contribute intelligence to their communities. Company-proprietary information can easily be extracted or masked to ensure the confidentiality of shared information.

Key highlights 

Security, Risk & Compliance 

Technical details

Cloudera versions

Partner product name
Accenture Services EC2

Partner product version

Interface components
Flume, Hadoop, HBase, HDFS, Hive, Hue, Impala, MapReduce, ODBC, Pig, Sqoop, ZooKeeper, YARN, Hive-ODBC, Hive-JDBC, Impala-JDBC, Hadoop Streaming, Datafu, Pig UDFs, PigServer, Hive UDFs, Hive SerDes, Mahout, HCatalog, Accumulo, Search, Spark, Kite, Parquet, Avro, Whirr, Cloudera Manager API, Cloudera Manager CSDs, Cloudera Sentry, Cloudera Parcels, HiveServer2, Oozie, Navigator, JDBC, Kafka, Hive on Spark

Support Kerberos

Supports Apache Sentry


Anomali Threat Platform
