
Anomali's ThreatStream

Threat Intelligence to Fuel Your Organization's Environment


What Is Threat Intelligence?

Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets.

Castra can use this to make informed decisions regarding the detection and/or response to that menace or hazard.

How Can Threat Intelligence Help Me?

Cyber threat intelligence is a subset of intelligence focused on information security. This curated information is intended to help make better decisions about how to defend an organization from cyber-based threats.


The History of Castra and Anomali


The Castra SOC leverages Anomali to push targeted intel into our customers' SIEM platforms. In addition, Anomali is where threat hunting is initiated, with results, concepts and search findings being compared against client data from their SIEM.

Anomali compiles, validates and scores all threat intel from various private, public, ISAC and other sources (including the clients themselves!). This allows Castra to reduce false positives and assess true threat values against those presented to the analyst, resulting in better, more accurate alarming for the client and better detection for the Castra SOC.


The 3 Levels of Cyber Threat Intelligence

There are generally three "levels" of cyber threat intelligence:

  1. Strategic
  2. Operational
  3. Tactical

Collecting each flavor of intelligence is important because they serve different functions. Analysts leveraging the sum knowledge of these three types of intelligence are better able to determine what security solutions to use, how they should be leveraged, and how to proactively and reactively respond to threats.

Automated Threat Intelligence

With ThreatStream, organizations can accumulate many different sources of intelligence without creating more work for the threat intel team. ThreatStream automates the core functions of a dedicated team: aggregating threat intel stories, de-duplicating data, curating information and invoking machine learning to remove false positives. All this improves the signal-to-noise ratio. The results are thoroughly vetted—and far more useful than free threat intelligence feeds off the Web.

The capabilities of ThreatStream make it possible for security operations teams to get the benefits of a dedicated threat intelligence practice without having to augment personnel. What’s more, ThreatStream's information-sharing capability is similar to a neighborhood watch program. It allows organizations to share information with peers, continuously evolve best practices in responding to threats, and deny attackers the element of surprise.


Anomali ThreatStream provides organizations with access to the most reliable sources of threat intelligence—and then closes the gap between analysis and taking action.

Finding the Relevant IoCs Among Millions


With Indicators of Compromise (IoCs) increasing exponentially year after year, security operations teams are inevitably overwhelmed. Even leading security tools with powerful automation can reliably ingest only a fraction of that data.

Without the proper tools to handle the massive volume of information, alerts are often set aside to undergo delayed analysis. Hours may pass before a security operations team determines whether those threats are relevant and potentially present in the environment. At the same time, management—from the CISO to other C-suite leaders—is following key developments in the media and seeking answers from security teams about whether an action is required.

That’s why the Anomali platform enables Castra to instantly identify what matters most to them, and empower our customers to quickly distill that data into actionable intelligence.

The Anomali platform consists of these 3 products:

Anomali ThreatStream

Anomali ThreatStream improves efficiency when handling large volume and/or multiple threat intelligence feeds with full integration with top cybersecurity tools.

Anomali Match

Anomali Match accelerates forensics activities with a powerful engine to compare that threat data with information throughout an environment—not just today, but in previous periods to see whether a newly discovered threat has already been present.

Anomali Lens

Anomali Lens puts threat intelligence directly into the hands of analysts, with an innovative, easy-to-use color-coded indicator of whether that threat is relevant to a customer organization.

Threat Intelligence And Cyber Resilience Directly Into Your SIEM With



1000-5000 Users

  • 24/7 Proactive Threat Detection
  • Add Anomali ThreatStream License
  • 24/7 Premium Alarm Monitoring & Response


Up to 5,000 Users

  • Add Anomali ThreatStream License
  • Add SentinelOne Singularity XDR License
  • 24/7 Premium Alarm Monitoring & Response

MXDR Enterprise

  • Anomali ThreatStream License
  • EDR/XDR License
  • 24/7 Premium Alarm Monitoring & Response
