Anomali Partner Directory

The ReversingLabs Spectra Intelligence enrichment is a set of pivot and context-based functions that can be used to enrich threat hunting and analysis by introducing new and unique insights into the security workflow. It returns data transformations and enrichment visualizations from ReversingLabs Spectra Intelligence, the industry's most comprehensive source of reputation data, into Anomali ThreatStream workflows.

IPQualityScore (IPQS) provides Anomali ThreatStream users with enterprise-grade detection for sophisticated abuse. The IPQS Fraud and Risk Scoring Enrichment provides enterprise grade fraud prevention, risk analysis, and threat detection. Analyze IP addresses, email addresses, URLs, and domains to identify sophisticated bad actors and high risk behavior. IPQS uses a unique data set, gathered by our proprietary honeypot network that captures advanced abuse such as residential botnets, phishing, hijacked domains, and any IOC that's been associated with abusive behavior across our partner reporting network, which analyzes over 10,000 abuse reports per second.

GreyNoise's integration with Anomali ThreatStream helps security analysts save time by revealing which events they can ignore. GreyNoise's data is a curation of IPs that saturate security tools with noise, like mass-internet scanners and harmless business services. This unique perspective helps analysts confidently ignore irrelevant or harmless activity, creating more time to uncover and investigate true threats.

Users can also enrich against GreyNoise to reduce observables created by mass-internet scanning and create more time to investigate targeted attacks. This enrichment provides context into IP behavior: intent, tags, first seen, last seen, geo-data, ports, OS and JA3. Advanced features showing timeline and similarity based information is available for users with those subscription features.

‍

The WhoisXMLAPI integration lets ThreatStream users access billions of domain and DNS records through acollection of APIs. Users can map and study all connections across domain names, current and historical resource owners, IP addresses, subdomains, NS and MX servers, and more.

WOT checks every domain before you visit it to let you know its safety and security rating.

‍

URLScan.io is a website scanner focused on analyzing all possible details about any established HTTP connection, site content, and relations with other sites. This enrichment helps ThreatStream users with analyzing and triaging suspicious URLs.

Tenable delivers unparalleled coverage and comprehensive insight to enable you to detect vulnerabilities, assess risk, and prioritize remediation for every asset, in every environment.

Anomali ThreatStream has an enrichment integration available for Tenable Security Center -Tenable's on-premise risk and vulnerability management solution. This enrichment allows users to query their Tenable Security Center instance with a vulnerability, and view affected asset details in ThreatStream for further analysis.

SPUR's Context API provides hosted high-performance IP enrichment lookups suitable for automation platforms, scripts, and custom integrations. This enrichment provides ThreatStream users with additional context to IP address indicators. It also enriches each IP address with anonymity network information, precision geolocations, and estimated user counts.

The Anomali ThreatStream App for Splunk empowers Splunk users to leverage threat intelligence to detect, prioritize, and response to security incidents. It provides Splunk users with threat data collected and curated from industry leading threat intelligence platform ThreatStream to correlate with your log data in Splunk, detect malicious activities in incoming and outgoing traffic, alert security teams, and provide you with detailed contextual information from a variety of threat sources (open source, commercial, Anomali Labs, customer internal, etc.).

The Anomali and ServiceNow integration leverages a bi-directional workflow that works hand-in-hand to consolidate incident intelligence and remediation processes. Anomali ThreatStream and ServiceNow Security Operations work together to accelerate investigation and remediation of security incidents.This is accomplished by associating intelligence about indicators of compromise in ServiceNow security incidents with context from AnomaliThreatStream, including threat score, confidence level, source, and severity.

This integration uses multiple transforms and enrichments to obtain malware data from the ReversingLabs Spectra Analyze platform and transforms it into valuable threat hunting info.