Anomali Lens

Intelligence at your fingertips. Time on your side.

Access threat knowledge, identify threats, and understand if you’ve been impacted – in seconds.

Faster threat knowledge

Anomali Lens uses Natural Language Processing (NLP) to automatically scan and identify threat data in any web-based content, reducing the time required to research and understand threats.

Anomali Lens product diagram

Smarter analysts, smarter CISOs

Identify threat intelligence in unstructured data in seconds

Lens scans unstructured web pages like news articles, blogs, social media platforms, and SIEM user interfaces to identify threat actors, malware families, and attack techniques using Natural Language Processing (NLP).

Accelerate threat research and MITRE ATT&CK analysis

Threat intelligence identified by Lens is automatically mapped onto the MITRE ATT&CK framework, and can be imported into Anomali ThreatStream for further investigation and analysis at the click of a button.

Know if your network has been penetrated

Threat intelligence identified by Lens is automatically matched against your network events and logs to tell you at a glance if your organization has been impacted.

Identify threat intelligence in unstructured data in seconds

Security analysts are faced with massive volumes of new threat data every day, and need to quickly triage this data to understand the nature and risk posed.

Lens provides threat intelligence knowledge and context at your fingertips. By simply scanning a web page, Lens uses Natural Language Processing (NLP) to automate the identification of threat indicators, threat actors, malware families, and attack techniques.

  • Scan, detect, and highlight all cyber threat references found on a web page
  • Intelligently identify all referenced tactics, techniques, and procedures (TTPs)
  • Easy-to-understand “tooltips” to provide context about the highlighted threats
  • Visually highlights tell you if the threats are “known” to your organization
Identify threat intelligence data

Accelerate threat research and reporting

Security analysts spend many hours researching threats by manually copying, pasting, and pivoting on threat data from sources such as news articles, blogs, threat bulletins, and social media.

Lens automatically converts scanned threat data into structured, machine-readable threat intelligence that can be operationalized and imported into Anomali ThreatStream in seconds.

  • Identify at a glance whether scanned threat data is known, unknown, or trending within ThreatStream
  • Launch sandbox detonations
  • Import scanned threat data into Threatstream with the click of a button
  • Open a new ThreatStream Investigation with the click of a button
Accelerate treat research

Answer the question, “Have we been impacted?”

When a new threat is discovered in the wild, security teams and executives need to know as soon as possible if the attackers have already penetrated their network.

When Lens does a scan, it automatically checks Anomali Match to determine if any of the discovered threat intelligence has been seen on your network.

  • See the number of matches found in your environment for any scanned threat indicator or TTP
  • Understand the threat type and severity at a glance
  • Open Match at the click of a button for further investigation, pivoting and research
Have we been breached?

Operationalize the MITRE ATT&CK framework

Today, threat analysis using the MITRE ATT&CK framework is an extremely manual and time-intensive process.

Lens “operationalizes” the MITRE ATT&CK framework, automatically identifying the MITRE ATT&CK tactics, techniques, and procedures (TTPs) found in scanned pages, and importing the data into Anomali ThreatStream at the click of a button.

  • Automatically identify tactics, techniques, and procedures (TTPs) in web pages
  • Automatically associate scanned TTPs with MITRE ATT&CK IDs
  • Import MITRE ATT&CK TTPs into a ThreatStream Investigation with the click of a button
  • Pivot, investigate, and visualize imported threat intelligence in MITRE ATT&CK heatmaps
MITRE ATT&CK heatmaps

Turn your security analysts into experts

Every organization is struggling with a shortage of qualified cybersecurity professionals.

Lens amplifies the expertise and productivity of your security operations teams, empowering them with the knowledge they need at their fingertips.

  • Hover-activated "tooltips" provide contextual information about highlighted threat intelligence at a glance
  • Immediately answer the question your CISO is bound to ask – “Have we been impacted by this threat?”
  • Enable your cyber threat analysts to produce intelligence products with the quality of seasoned cyber professionals, in half the time
  • Help your SOC analysts triage SIEM alerts in minutes and make better security decisions with the power of Anomali Lens insights
Anomali Lens works with Splunk

Give your CISO the power of security insight

Security executives often want direct access to analyst tools to stay informed. But most cyber tools are not designed for executive-level visibility.

Lens puts the power of security insight directly into the hands of the CISO.

  • Determine the relevance of online cyberattack reports in seconds
  • Immediately answer the question – “Have we been impacted by this attack?”
  • Know the details about any threat actor, TTP, or CVE at a glance
Security insights for the CISO

Flexible deployment options to fit your requirements

Browser Plug-In

Download the Anomali Lens browser extension for Chrome or Firefox.

ThreatStream Utility

For organizations with limited ability to use browser plugins or with high-security ThreatStream deployments, Anomali Lens is available as an onboard utility in ThreatStream.

Experience unlimited threat visibility and instant threat detection with Anomali

Schedule a live product demo and learn how Anomali can harness the power of all relevant intelligence to accelerate threat detection, investigation, and response.