Anomali ThreatStream

Unmatched visibility. Faster defense.

Automate the collection and management of your threat intelligence and disseminate it in real time to your security controls.

See threats faster

Anomali ThreatStream aggregates threat intelligence under one platform, providing an integrated set of tools to support fast, efficient investigations, and delivering “operationalized” threat intelligence into security controls at machine speed.

ThreatStream product diagram

Operationalize your threat intelligence

Automate threat intelligence collection

Automate the threat intelligence collection and management lifecycle, speeding detection of threats and enabling proactive cyber defense.

Speed investigations

Streamline threat investigation with an integrated set of research, analysis, and publishing tools, providing tremendous productivity for security analysts.

Feed your security controls

Deliver operationalized threat intelligence directly into your security controls to stop threats faster.

On-Demand Webinar

Know Thine Enemy—Profiling Cyber Threat Actors

In reality, our enemies are not even on our radar, because we overlook the smaller signals our controls catch for us. But sometimes these are small pieces of a bigger puzzle we need to understand. Every detection by our security controls tells a story, and this is why we profile.

View the Webcast

Automate the collection of all your threat intelligence

Bringing together multiple sources of threat data into a single set can often be time-consuming and manual.

ThreatStream accelerates the process of collecting all of your global threat data into a single high-fidelity set of threat intelligence, with virtually no IT administration required.

  • Automate threat data collection from hundreds of sources into a single, high fidelity set of threat intelligence
  • Operationalize threat intelligence into “machine-readable” form
  • Score threat intelligence for confidence and severity with powerful machine learning algorithms
  • Easily “try and buy” new sources of threat intelligence via the APP Store.

In addition to the open-source and premium intelligence sources from leading vendors included in your ThreatStream subscription, easily "try and buy" new sources via the integrated Anomali APP Store

Farsight Security
Reversing Labs
Crowd Strike
Fox IT
Digital Shadows

Accelerate your threat research and insights

Investigating cyber threats has historically required “swivel chair” research across multiple products and data sources.

ThreatStream’s Investigations workbench provides an integrated platform to dramatically increase security analyst productivity in threat research, analysis, and finished intelligence publication.

  • Automatically associate indicators to MITRE ATT&CK TTPs
  • Analyze adversary attack infrastructure with visual Explorer tool
  • Detonate malware and phishing emails to extract indicators
  • Quickly create and publish professional-looking threat bulletins
ThreatStream and MITRE ATT&CK

Turnkey integration with your security controls

Ensuring that your security controls have the most current visibility into external threats can often require expensive and time-consuming integration projects.

ThreatStream delivers operational threat intelligence to your security controls via the industry’s largest set of turnkey integrations, enabled by a robust set of SDKs and APIs. This allows you to push the data out to your security systems for blocking and monitoring on an automated basis, including your SIEM, Firewall, IPS, EDR, and SOAR.

  • Turnkey integrations with leading enterprise SIEMs, firewalls, EDRs, and SOARs deliver fast time-to-value
  • Scalable, real-time intelligence distribution to security controls
  • Round-trip visibility into threat intelligence quality with MyAttacks
  • Reduce false positives and alert storms
  • Extensible platform with restful API and SDKs for feeds, enrichments and security system integrations
Threat intelligence platform
Case Study

Blackhawk Network

Learn now Blackhawk Network integrated disparate threat feeds into a high fidelity data set of intelligence, synchronized threat intelligence with their SIEM alerts, and provided the threat context around IOCs necessary for analysts to understand their true importance.

Read the Case Study

Share threat intelligence with your peers and partners

Industry-centric and government-led initiatives have led to a dramatic increase in the sharing of threat intelligence between governments, private organizations, and industries.

ThreatStream Trusted Circles help reduce response times to cyber events and speed up preventative measures by ensuring that users can participate securely and seamlessly in two-way sharing. Company-proprietary information can be kept private to guarantee the confidentiality of shared information.

Learn more
Sharing threat intelligence

Flexible deployment options to fit your requirements

Cloud Native


For organizations requiring a best-of-breed threat intelligence platform that provides fast time-to-value, Threatstream offers a cloud-native implementation that can be deployed in minutes.

Virtual Machine

Virtual Machine

For organizations requiring their threat intelligence platform to be hosted in their cloud platform of choice, ThreatStream can be deployed as a virtual machine.



For organizations that need to ensure the security of locally generated threat intelligence, ThreatStream On-Prem provides a locally managed private instance that includes the ability to access global cloud-based threat intelligence feeds.

Air Gap

Air Gap

For organizations requiring maximum security, ThreatStream AirGap is a completely standalone private instance, delivering full functionality without connecting to the Internet or any other threat intelligence service.

Go with Anomali and improve your security posture

Organizations rely on Anomali to harness the power of threat intelligence to make effective cybersecurity decisions that reduce risk and strengthen defenses.