Anomali ThreatStream

Anomali ThreatStream is a threat intelligence platform that aggregates and operationalizes threat data from multiple sources. The platform provides access to a repository of curated threat intelligence feeds from hundreds of diverse sources. The platform correlates threat intelligence with organizational telemetry and vulnerabilities to enable detection and investigation. It includes dashboards that display threat actors, vulnerabilities, tactics, techniques, and procedures (TTPs), campaigns, and geolocation data. ThreatStream enriches threat data with context including severity and confidence scoring for actors, campaigns, incidents, malware, signatures, vulnerabilities, indicators of compromise (IoCs), and indicators of attacks (IoAs). The platform supports threat modeling capabilities using MITRE ATT&CK profiles to simulate attack scenarios. The platform distributes enriched threat intelligence across security infrastructure through integrations with firewalls, SIEMs, proxies, DNS systems, messaging platforms, endpoint protection platforms, and ISACs. It automates the distribution of threat data to enable blocking and monitoring of potential attacks. ThreatStream provides filtering and customization of threat intelligence based on organization-specific parameters including location, industry, sector, and technology stack. The platform removes duplicate and obsolete threat data from feeds.