Anomali Partner Directory

Dataminr Pulse for Cyber Risk brings the leading AI-powered real-time alerting into Anomali, easily fitting into your workflows and enabling rapid identification and mitigation of emerging threats so you can deliver faster time to detection and response.

‍

‍

Anomali ThreatStream supports three intelligence feeds from Team Cymru. The Botnet Analysis & Reporting Service (BARS) feed provides in-depth analysis, tracking, and history of 40+ malware families that utilize unique control protocols and possibly encryption mechanisms. The Controller feed offers near-real-time identification of botnet command and control (C&C) IP addresses (IRC, http, and P2P) built for DDoS, warez, and underground economy to include bot types, passwords, channels, and our insight. The Reputation feed allows subscribers to monitor for infected computers visiting their networks to identify compromised hosts as they access their networks, thus enabling them to monitor or block these infected hosts before they can cause any damage.

IPQualityScore (IPQS) provides Anomali ThreatStream users with enterprise-grade detection for sophisticated abuse. The IPQS Fraud and Risk Scoring Enrichment provides enterprise grade fraud prevention, risk analysis, and threat detection. Analyze IP addresses, email addresses, URLs, and domains to identify sophisticated bad actors and high risk behavior. IPQS uses a unique data set, gathered by our proprietary honeypot network that captures advanced abuse such as residential botnets, phishing, hijacked domains, and any IOC that's been associated with abusive behavior across our partner reporting network, which analyzes over 10,000 abuse reports per second.

BforeAI is a leader in predictive security solutions helping organizations prevent intrusions and data exfiltration by predicting vectors of future attacks. The information is used in PreCrime™ - predictive cyber threat intelligence that enhances existing security solutions (firewalls, DNS resolvers, anti-phish filters, proxies, etc.) with foresight. BforeAI's patented AI technology combined with hyperscale observation infrastructure and modern APIs augment customers' security postures with predictions.

GreyNoise's integration with Anomali ThreatStream helps security analysts save time by revealing which events they can ignore. GreyNoise's data is a curation of IPs that saturate security tools with noise, like mass-internet scanners and harmless business services. This unique perspective helps analysts confidently ignore irrelevant or harmless activity, creating more time to uncover and investigate true threats.

Users can also enrich against GreyNoise to reduce observables created by mass-internet scanning and create more time to investigate targeted attacks. This enrichment provides context into IP behavior: intent, tags, first seen, last seen, geo-data, ports, OS and JA3. Advanced features showing timeline and similarity based information is available for users with those subscription features.

‍

PolySwarm seamlessly integrates via API and allows Anomali’s users to obtain file and URL reputation services with a single click, in real-time, from a network of independent malware detection engines. PolySwarm enriches samples with diverse threat indicators and allows threat hunters and SOC analysts to search for and identify relationships between diverse malware families and threat indicators. integration allows users to obtain file and URL reputation services with a single click, in real-time, from a network of independent malware detection engines. PolySwarm summarizes crowdsourced verdicts into a single, authoritative number called PolyScore™, providing the probability a given file contains malware.