Anomali ThreatStream API SIEM Integration

Integration Overview

Anomali ThreatStream allows you to centralize dozens of open-source and premium intelligence feeds into one shared repository. Data from Anomali ThreatStream can be filtered according to your criteria and fed into Panther for real-time, intelligence-driven defense. ThreatStream users can prioritize threat intelligence by severity and confidence, which is automatically correlated with indicators in your environment.

How It Works

  • Panther constructs a lookup table for efficient enrichment using your ThreatStream API key and a search query.
  • Incoming events are enriched when one of their fields, such as an IP address, matches an indicator in that table.
  • Enrichment data is available in detection logic, stored in the data lake for future investigation, and can be passed along as additional context in alerts.
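As an added illustration of the enrichment flow described above (not Panther's or Anomali's own code), the following Python builds a confidence-filtered lookup table from constructed ThreatStream-style indicator records, enriches events whose IP fields match, and applies a severity-based detection rule; the indicator field names (value, itype, severity, confidence) and the event field names are assumptions.

```python
from ipaddress import ip_address

# Constructed indicator records shaped like ThreatStream intelligence entries
# (assumed field names: value, itype, severity, confidence). Addresses are
# from documentation ranges, not real indicators.
INDICATORS = [
    {"value": "203.0.113.10", "itype": "mal_ip", "severity": "very-high", "confidence": 90},
    {"value": "198.51.100.7", "itype": "scan_ip", "severity": "low", "confidence": 40},
    {"value": "203.0.113.99", "itype": "c2_ip", "severity": "high", "confidence": 85},
]

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "very-high": 4}


def build_lookup_table(indicators, min_confidence=75):
    """Keep only indicators at or above the confidence threshold, keyed by
    value; this stands in for the filtered search query behind the table."""
    return {i["value"]: i for i in indicators if i["confidence"] >= min_confidence}


def enrich_event(event, table, ip_fields=("src_ip", "dst_ip")):
    """Attach matching indicators under a 'threat_intel' key. Unmatched
    events pass through unchanged; non-IP values in IP fields are skipped."""
    matches = {}
    for field in ip_fields:
        value = event.get(field)
        if value is None:
            continue
        try:
            ip_address(value)  # reject malformed values before lookup
        except ValueError:
            continue
        if value in table:
            matches[field] = table[value]
    if matches:
        return {**event, "threat_intel": matches}
    return event


def rule(event, min_severity="high"):
    """Detection logic: alert when any enriched field hit an indicator whose
    severity is at or above min_severity."""
    hits = event.get("threat_intel", {})
    floor = SEVERITY_RANK[min_severity]
    return any(SEVERITY_RANK.get(m["severity"], 0) >= floor for m in hits.values())
```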

Learn more about configuring Anomali ThreatStream in Panther.
