Anomali Marketplace
Connect with the Anomali CISO community
Anomali Preferred Partner Store
The only marketplace for threat intelligence, enrichments, and integrations.
Integrated tools and intelligence that provide context and actionable information
Security teams now have a wide variety of threat intelligence sources feeding them indicators of compromise, but knowing an IP address or domain name is just the first step in preventing or responding to a threat. Enriching the context around IOCs dramatically increases their value to analysts, and augmenting your threat research with advanced threat analysis services, such as sandboxing, provides critical details.
Looking to expand your threat analysis capabilities? We can help to identify the right enrichment data and analysis tools for your organization.
Threat Analysis Tools and Enrichments
Anomali provides 200+ advanced threat analysis services, including:
.png)
Partners
Authentic8
Threat Intelligence Feeds
Authentic8 enables anyone, anywhere, on any device to experience the web without risk. The Silo Web Isolation Platform by Authentic8 separates the things you care about like apps, data and devices, from the things you cannot trust like public websites, external users and unmanaged devices. Silo executes all web code in a secure, isolated environment that is managed by policy, to provide protection and oversight. The world’s most at-risk organizations rely on Silo to deliver trust where it cannot otherwise be guaranteed.
Cisco Umbrella
Threat Intelligence Feeds
Cisco Umbrella is a cloud security platform that provides the first line of defense against threats on the internet wherever users go. And because it’s built into the foundation of the internet and delivered from the cloud, Umbrella is the simplest security product to deploy and delivers powerful, effective protection. The intelligence from Cisco Umbrella Investigate provides the most complete view of the relationships and evolution of internet domains, IPs, and malware, and adds the security context needed to uncover and predict threats.
Cribl
Threat Intelligence Feeds
Cribl is the Data Engine for IT and Security, offering enterprises choice, control, and flexibility to manage their data efficiently. Cribl Stream, the world’s leading observability pipeline, processes logs, metrics, and traces in real-time, routing data to any destination in any format. Cribl Edge is an intelligent agent, and Cribl Search is the industry’s first search-in-place solution. Founded in 2018 and headquartered in San Francisco, Cribl’s vendor-agnostic product suite helps Fortune 1000 companies optimize data usage and storage, reducing costs and enhancing security insights.
CrowdStrike
Threat Intelligence Feeds
CrowdStrike™ is a leading provider of next-generation endpoint protection, threat intelligence, and services. CrowdStrike Falcon enables customers to prevent damage from targeted attacks, detect and attribute advanced malware and adversary activity in real time, and effortlessly search all endpoints reducing overall incident response time. CrowdStrike customers include some of the largest blue chip companies in the financial services, energy, oil & gas, telecommunications, retail, and technology sectors, along with some of the largest and most sophisticated government agencies worldwide.
DomainTools
Threat Intelligence Feeds
DNS-Based Cyber Threat Detection and Response
The DomainTools® Iris™ App for Anomali delivers a subset of DomainTools Iris data, together with pivot capability and domain risk score, directly to the analyst inside the The Anomali Security Operations Platform. This integration enables rapid in-context assessments of domain name observables and discovery of connected domains that share the same IP, hostname, or SSL certificate hash.
GreyNoise
Threat Intelligence Feeds
GreyNoise's integration with Anomali ThreatStream helps security analysts save time by revealing which events they can ignore. GreyNoise's data is a curation of IPs that saturate security tools with noise, like mass-internet scanners and harmless business services. This unique perspective helps analysts confidently ignore irrelevant or harmless activity, creating more time to uncover and investigate true threats.
HYAS
Threat Intelligence Feeds
HYAS Insight’s integration with Anomali ThreatStream helps security analysts increase accuracy and speed investigations. Using exclusive data sources and non-traditional mechanisms, HYAS Insight data connects observables to billions of indicators of compromise to understand and counter adversary infrastructure. Users can find an interesting match in ThreatStream and amplify it with HYAS Insight to expand their understanding of the adversary’s infrastructure.
IPQualityScore
Threat Intelligence Feeds
IPQualityScore (IPQS) provides Anomali ThreatStream users with enterprise-grade detection for sophisticated abuse. Security analysts can easily increase awareness for high risk behavior by analyzing an IP address, domain, or email address. IPQS uses a unique data set, gathered by our proprietary honeypot network that captures advanced abuse such as residential botnets, phishing, hijacked domains, and any IOC that's been associated with abusive behavior across our partner reporting network, which analyzes over 10,000 abuse reports per second.
Joe Security
Threat Intelligence Feeds
Joe Sandbox is the industry’s most advanced automated and deep malware analysis solution. With a unique multi-technology approach, Joe Sandbox combines instrumentation, simulation, hardware virtualization, graph and hybrid analysis with advanced machine learning and AI technologies to deeply analyze even the most evasive malware. Joe Sandbox enables security specialists to analyze threats on Windows, macOS, Linux, Android and iOS operating systems and it’s available as a cloud service or an on premises software license and hardware appliance. Joe Sandbox provides an excellent detection rate, unmatched in-depth analysis and evasion resistance.
Maltego
Threat Intelligence Feeds
Maltego servers can be deployed within your organization meaning that instead of having your transforms running over Paterva’s infrastructure you can host your transform servers on infrastructure you control. An internal server gives you the ability to integrate with your structured internal data and leverage internal processes as well as the ability to distribute these transforms across your enterprise.
Recorded Future
Threat Intelligence Feeds
Recorded Future arms threat analysts, security operators, and incident responders to rapidly connect the dots and reveal unknown threats. Our patented technology automatically collects and analyzes threat intelligence from technical, open, and dark web sources to provide invaluable context for faster human analysis and real-time integration with your existing security systems.
Silobreaker
Threat Intelligence Feeds
Silobreaker helps security, business and intelligence professionals make sense of the overwhelming amount of data available on the web. By discovering insights that are buried deep inside the data, we help you uncover the information that is most valuable to you. Our products are designed to support your workflow, from collecting and analysing data to disseminating your findings across your organisation.
Soltra
Threat Intelligence Feeds
Soltra Edge® is an industry-driven software that automates processes to share, receive, validate and act on cyber threat intelligence. It enables an end-to-end community defense model and changes the posture of cybersecurity defenders from reactive to proactive. Soltra Edge is the most widely used Cyber Threat Communications Platform for two-way sharing of cybersecurity information among peers, trust groups, communities and government.
VMray
Threat Intelligence Feeds
VMRay delivers advanced threat analysis and detection that combines a unique agentless hypervisor-based network sandbox with a real-time reputation engine. The combination provides both fast, high volume file classification and deep malware analysis. The VMRay Analyzer is platform independent and highly scalable, the result of a decade of R&D by some of the world’s leading experts on dynamic malware analysis. By monitoring at the hypervisor level, it is undetectable by malware running in the target operating system. VMRay serves leading enterprises around the world.
VirusTotal
Threat Intelligence Feeds
VirusTotal inspects items with over 60 antivirus scanners and URL/domain blacklisting services, in addition to a myriad of tools to extract signals from the studied content. Any user can select a file from their computer using their browser and send it to VirusTotal. VirusTotal offers a number of file submission methods, including the primary public web interface, desktop uploaders, browser extensions and a programmatic API. The web interface has the highest scanning priority among the publicly available submission methods. Submissions may be scripted in any programming language using the HTTP-based public API.
