Anomali Partner Directory

Certego Data Feeds provide EU and Italy-focused threat intelligence, categorizing malicious IPs and domains by type and reliability. Powered by Quokka, they deliver real-time insights, block threats, and improve efficiency for MDR and MSSP services.

The Shadowserver Foundation is a nonprofit organization with an altruistic mission to make the Internet more secure for everyone. Shadowserver provides free daily potential attack surface reports and identifies potential malware and malicious activity relevant to your organization’s network or constituency.

The WhoisXMLAPI integration lets ThreatStream users access billions of domain and DNS records through acollection of APIs. Users can map and study all connections across domain names, current and historical resource owners, IP addresses, subdomains, NS and MX servers, and more.

WOT checks every domain before you visit it to let you know its safety and security rating.

‍

URLScan.io is a website scanner focused on analyzing all possible details about any established HTTP connection, site content, and relations with other sites. This enrichment helps ThreatStream users with analyzing and triaging suspicious URLs.

SPUR's Context API provides hosted high-performance IP enrichment lookups suitable for automation platforms, scripts, and custom integrations. This enrichment provides ThreatStream users with additional context to IP address indicators. It also enriches each IP address with anonymity network information, precision geolocations, and estimated user counts.

The ReversingLabs Spectra Intelligence enrichment is a set of pivot and context-based functions that can be used to enrich threat hunting and analysis by introducing new and unique insights into the security workflow. It returns data transformations and enrichment visualizations from ReversingLabs Spectra Intelligence, the industry's most comprehensive source of reputation data, into Anomali ThreatStream workflows.

This integration uses multiple transforms and enrichments to obtain malware data from the ReversingLabs Spectra Analyze platform and transforms it into valuable threat hunting info.

Query.ai is a federated search solution that enables you to access and get answers from your security data. Query's patented browser-based platform delivers real-time access and centralized insights across on-premises, multi-cloud, and SaaS applications, without duplicating data from its native locations.

‍

The Pastebin Dump Collection (PSBDMP) enrichment allows users to determine which pastebin sites featured a specific e-mail address.

Enrich Hash information with IoCs and TTPs from Intezer Analyze.

InsightVM is a data-rich resource that can amplify the other solutions in your tech stack, from SIEMs and firewalls to ticketing systems. InsightVM brings together Rapid7’s library of vulnerability research knowledge from Nexpose, exploit knowledge from Metasploit, global attacker behavior, internet-wide scanning data, exposure analytics, and real-time reporting

The DNSTwist Domain Spinning enrichment helps users quickly identify potential domain squats and phishing domains, and empowers security teams to perform phishing detection as part of their investigations.

Deloitte's Codex Enrichment allows access to a truly large malware sandbox dataset that encompasses additional data to include APT names from multiple vendors associated with malware, easy to understand malware naming, typing, execution information, and more.

Anomali supports two Well-Fed Intelligence DGA feeds from Bambenek Consulting. These feeds track 53 families of malware and about one million malicious domains using Domain Generation Algorithms. Created hourly with resolution, domain, IP and nameserver info. This channel is a list of all actively resolving and non-whitelisted domains.

ThreatWorx's Attenu8 Threat Intelligence offers machine-curated, AI-enhanced threat and vulnerability intelligence with advanced keyword based filtering and noise reduction.