Anomali Partner Directory
Explore our network of channel and technology alliance partners below.






Marketplace Partner
The ReversingLabs Spectra Intelligence enrichment is a set of pivot and context-based functions that can be used to enrich threat hunting and analysis by introducing new and unique insights into the security workflow. It returns data transformations and enrichment visualizations from ReversingLabs Spectra Intelligence, the industry's most comprehensive source of reputation data, into Anomali ThreatStream workflows.


Marketplace Partner
SPUR's Context API provides hosted high-performance IP enrichment lookups suitable for automation platforms, scripts, and custom integrations. This enrichment provides ThreatStream users with additional context to IP address indicators. It also enriches each IP address with anonymity network information, precision geolocations, and estimated user counts.


Marketplace Partner
InsightVM is a data-rich resource that can amplify the other solutions in your tech stack, from SIEMs and firewalls to ticketing systems. InsightVM brings together Rapid7’s library of vulnerability research knowledge from Nexpose, exploit knowledge from Metasploit, global attacker behavior, internet-wide scanning data, exposure analytics, and real-time reporting


Marketplace Partner
Query.ai is a federated search solution that enables you to access and get answers from your security data. Query's patented browser-based platform delivers real-time access and centralized insights across on-premises, multi-cloud, and SaaS applications, without duplicating data from its native locations.


Marketplace Partner
The Anomali ThreatStream App for Splunk empowers Splunk users to leverage threat intelligence to detect, prioritize, and respond to security incidents. It provides Splunk users with threat data collected and curated from the industry-leading threat intelligence platform ThreatStream to correlate with your log data in Splunk, detect malicious activities in incoming and outgoing traffic, alert security teams, and provide you with detailed contextual information from a variety of threat sources (open source, commercial, Anomali Labs, customer internal, etc.).


Marketplace Partner
GreyNoise's integration with Anomali ThreatStream helps security analysts save time by revealing which events they can ignore. GreyNoise's data is a curation of IPs that saturate security tools with noise, like mass-internet scanners and harmless business services. This unique perspective helps analysts confidently ignore irrelevant or harmless activity, creating more time to uncover and investigate true threats.
Users can also enrich against GreyNoise to reduce observables created by mass-internet scanning and create more time to investigate targeted attacks. This enrichment provides context into IP behavior: intent, tags, first seen, last seen, geo-data, ports, OS and JA3. Advanced features showing timeline and similarity-based information are available for users with those subscription features.


Marketplace Partner
Farsight DNSDB (now part of DomainTools) is a Passive DNS historical database that provides a unique, fact-based, multifaceted view of the configuration of the global Internet infrastructure. This enrichment lets you look up and pivot on domain names and IP addresses using Farsight's Passive DNS (pDNS) database, DNSDB.

Marketplace Partner
The Shadowserver Foundation is a nonprofit organization with an altruistic mission to make the Internet more secure for everyone. Shadowserver provides free daily potential attack surface reports and identifies potential malware and malicious activity relevant to your organization’s network or constituency.


Marketplace Partner
The WhoisXMLAPI integration lets ThreatStream users access billions of domain and DNS records through a collection of APIs. Users can map and study all connections across domain names, current and historical resource owners, IP addresses, subdomains, NS and MX servers, and more.

