Products found: 5

Offer a reference bonus

Anomali ThreatStream

Anomali ThreatStream - threat detection, investigation and response.


Mission Control for Threat Intelligence

ThreatStream speeds detection of threats by uniting your security solutions under one platform and providing tools to operationalize threat intelligence. ThreatStream also automates many of the tasks typically assigned to security professionals, freeing analysts to quickly handle threats.



ThreatStream collects threat intelligence data from hundreds of sources. Users can also trial and purchase 3rd party premium feeds directly through the Anomali APP Store.

Threat intelligence sources include:

  • ​STIX/TAXII feeds
  • ​Open source threat feeds
  • ​Commercial threat intelligence providers
  • ​Structured and unstructured intelligence
  • ​ISAC/ISAO shared threat intelligence



ThreatStream makes it easy to operationalize threat intelligence by:

  • ​Normalizing feeds into a common taxonomy
  • ​De-duplicating data across feeds
  • ​Removing false positives via machine learning algorithms
  • ​Enriching data with Actor, Campaign, TTP
  • ​Adding context from WHOIS, PassiveDNS, others
  • ​Associating related threat indicators



IOCs can be directly managed within the ThreatStream platform and pushed out to other systems for blocking and monitoring. These integrations include but are not limited to:

  • ​SIEM
  • ​Firewall
  • ​IPS
  • ​Endpoint
  • ​API


Enabling SOC Teams and Threat Intelligence Analysts

Anomali ThreatStream provides tools to help analysts and SOC teams respond to threats. The ThreatStream platform includes features such as:

  • ​Phishing - Extract indicators from suspected emails
  • ​Sandbox - Detonate malware and extract relevant indicators
  • ​Brand Monitoring - Detection of brand abuse
  • ​Threat investigation engine with analyst workflows
  • ​Threat bulletin creation, management, and collaboration



Trusted Circles within the ThreatStream Platform ensure that users can participate seamlessly in two-way sharing. Company-proprietary information can be kept private to guarantee the confidentiality of shared information.

... Learn more
Offer a reference bonus

EclecticIQ Platform

EclecticIQ Platform is a Threat Intelligence Platform (TIP) that empowers threat analysts to perform faster, better, and deeper investigations while disseminating intelligence at machine-speed.


Gather relevant intelligence

    • Capture incoming intelligence
    • Conduct triage


Integrate threat intelligence into the enterprise

    • Distribute to stakeholders
    • Automate feeds into security controls


Participate in the broader intelligence community

    • Share with communities
    • Support STIX and TAXII standards


Empower analysts

    • Graph with advanced search
    • Collaborate with colleagues
    • Generate insightful reports
    • Create structured intelligence




EclecticIQ Platform enables CISOs to align investment in CTI according to the reality of cyber threats. In addition, EclecticIQ improves the efficiency and effectiveness of other security management (e.g. SIEM, IPS/IDS) solutions, improving the performance of cyber threat defense within the enterprise.

Intelligence Analysts

EclecticIQ Platform empowers analysts to optimize their workflow using with automation tools based on analytics. Instead of manually crunching through data, analysts can better spend their time on collaboration with peers, working to enrich, qualify, analyze and share threat information to stakeholders.

Incident Response Teams

EclecticIQ Platform facilitates and accelerates investigations with a scalable, fast and flexible solution that provides a single point of aggregation along with automated and manual analysis tools. These capabilities optimize response time and improve remediation efforts.

Heads of Cyber Threat Intelligence

EclecticIQ Platform provides a centralized solution for consolidating threat intelligence that facilitates knowledge sharing and reporting of strategic, operational and tactical intelligence to stakeholders.

Security Operations Centers

EclecticIQ Platform delivers much-needed context and relevance to SOCs by incorporating enriched data into IOC feeds. This reduces the mean time to respond to high-priority incidents.

IT Operations

EclecticIQ Platform is a versatile system that offers a wide variety of on-premise and cloud deployments (including CentOS, RedHat, and Ubuntu). Leveraging the latest data management technologies, it can process massive amounts of information at high speed with a relatively low impact on resources. EclecticIQ Platform is a demonstration of stability and interoperability through CTI standards.

... Learn more
Offer a reference bonus

R-Vision Threat Intelligence Platform (TIP)

R-Vision TIP provides automatic collection, normalization and enrichment of indicators of compromise, transfer of processed data directly to internal security tools, as well as search and detection of indicators in the organization’s infrastructure using sensors.

Indicators of compromise are specific signs that identify a potential threat. These include IP addresses, domains, hashes of malicious files, botnet command server addresses, and other data.

Such information helps to identify attempts to penetrate systems, detect targeted attacks in the early stages and keep abreast of current threats.

Benefits of Using

  • Simplifies working with Threat Intelligence data by continuously collecting, normalizing and storing data from various sources in a single database.
  • It facilitates the detection of hidden threats by providing automatic monitoring of relevant indicators in SIEM, syslog and DNS queries using sensors.
  • Simplifies and accelerates incident investigation by quickly searching for information in accessible sources and automating key scenarios of working with cyber intelligence.
  • It allows you to block threats in time and minimize possible damage, thanks to the automatic upload of processed data directly to internal security tools.
... Learn more
Offer a reference bonus

ThreatConnect Platform

Automate the Collection of Intel From All Sources

With ThreatConnect’s Threat Intelligence Platform (TIP), centralize the aggregation and management of threat data no matter the source. Whether it’s Open Source data from OSINT Feeds, Blogs, or RSS Feeds; or indicators being sent from a threat intel feed provided by an ISAC or Premium Provider, we take that data and add additional context. Robust integrations with tools like your SIEM, EDR, and firewall pull internally generated logs into ThreatConnect for further enrichment. You’re provided with a place to organize and prioritize the data so you can then use it to drive actions inside and outside of the Platform.

Agnostic and Extensible Integrations for Distributing Information to Other Security Tools

Intelligence collected within the ThreatConnect TIP has the ability to dictate decisions being made across your technology stack. Send relevant and actionable insights from the Threat Intelligence Platform to other tools with our wide breadth of integrations and flexible Playbooks. Export Threat Intelligence Reports and share the information with other teams to help your organization stay up to date on relevant threats.

Dynamic Intel-driven Automation and Orchestration for Better Decision Making

As additional context and associations are applied to an indicator, you are armed with intelligence that should influence decision making. But, indicators are dynamic and ever-changing. And as they change, so should the processes tied to them. With ThreatConnect, intel-driven automation, orchestration, and response give you the ability to adjust decisions on the fly based on the changes seen in the intelligence that is influencing the process. Your automated processes are made smarter with Playbooks that enable continuous dynamic decision-making.

... Learn more
Offer a reference bonus


To understand and stop threats more effectively and efficiently your existing security infrastructure and people need to work smarter, not harder. ThreatQ can serve as an open and extensible threat intelligence platform that accelerates security operations through streamlined threat operations and management. The integrated, self-tuning threat library, adaptive workbench and open exchange allow you to quickly understand threats, make better decisions and accelerate detection and response.


Automatically score and prioritize internal and external threat intelligence based on your parameters.


Improve effectiveness of existing infrastructure by integrating your tools, teams and workflows.


Automate aggregation, operationalization and use of threat intelligence across all systems and teams.


Centralize threat intelligence sharing, analysis and investigation in a threat intelligence platform all teams can access.




Shared Contextual Intelligence

Using ThreatQ as a threat intelligence platform equips you with a threat library that automatically scores and prioritizes threat intelligence based on parameters you set. Prioritization is calculated across many separate sources, both external and internal, to deliver a single source of truth using the aggregated context provided. This removes noise, reduces risk of false positives and enables users to focus on the data that really matters.

  • Self-tuning
  • Context from external   internal data
  • Structured and unstructured data import
  • Custom enrichment source for existing systems


Combine Automation and Human Intelligence for Proactive Detection and Response

Customer-defined configuration and integrations to work with your processes and tools. Customizable workflow and customer-specific enrichment streamline analysis of threat and event data for faster investigation and automates the intelligence lifecycle.

  • Consolidated view, unified opinion
  • Automatically prioritize based on all sources
  • Continuous threat assessment
  • Push-button operations using existing tools and processes
  • User-specific watch list widget


The industry’s first cybersecurity situation room

ThreatQ Investigations solves the collaboration and coordination inefficiencies that exist across security operations to accelerate detection and response. As the first cybersecurity situation room, it streamlines investigations and improves active collaboration among and across teams. Team leaders can direct actions, assign tasks and see the results unfold in near real-time.

  • Fuse together threat data, evidence and users
  • Accelerate investigation, analysis and understanding of threats in order to update your defense posture proactively
  • Drive down mean time to detect (MTTD) and mean time to respond (MTTR)
  • Build incident, adversary and campaign timelines


Open and Extensible Architecture Enables Robust Ecosystem

Import and aggregate external and internal data sources, integrate with existing enrichment and analysis tools, and export the right intelligence to the right tools at the right time to accelerate detection and response. Get more from your existing security investments by integrating your tools, teams and workflows through standard interfaces and an SDK/API for customization.

  • Bring your own connectors and tools
  • SDK/API for customization
  • Standard STIX/TAXII support
... Learn more

The ROI4CIO Product Catalog is a database of business software, hardware, and IT services. Using filters, select IT products by category, supplier or vendor, business tasks, problems, availability of ROI calculator or price calculator. Find the right business solutions by using a neural network search based on the results of deployment products in other companies.