Source Integration with Anomali ThreatStream

Loginsoft, a leading provider of cyber engineering services for Threat Intel Platform Companies has built the expertise in integrating with Anomali, a leading provider of intelligence-driven cybersecurity solutions.

There are ever growing cyber product companies creating products with multiple API endpoints as threat data sources and proprietary feeds. Feeds alone aren't enough; they also need a way to turn information into actionable intelligence through a technology partner. This is where Loginsoft has built the integration to ingest their source into Anomali using Anomali SDK.

Anomali ThreatStream aggregates and organizes sources from multiple trusted partners, providing diverse threat intelligence within their platform.

Loginsoft's MiTRA Threat Feeds are outcome of its threat hunting research by deploying honeypots for a specific component or an emerging threat from which we analyze the attack patterns, payloads and the threat actors behind it. This curated metadata will be transformed into an actionable Threat Intelligence either to detect or prevent the attacks.

Loginsoft has integrated their threat feed with Anomali Preferred Partner Store (APP Store), which is an unique cyber security marketplace providing instant access to a growing catalog of threat intelligence providers, integration partners and threat analysis tools.

INTEGRATION HIGHLIGHTS:

Developing Context-Based Enrichments
Developing Pivot-Based Enrichments
Anomali Enrichments Library (SDK) provides various options to display enrichment data (Example: TextWidget, TableWidget and ChartWidget etc.)
Creating Enrichment Bundles after development and testing
Submitting ThreatStream Cloud Enrichments for Certification

Entity Types supported by Anomali Enrichments SDK: Domain, IP, Hash, Email, URL, Phrase, Autonomous System Numbers, DNS Name Server Records

Here's a look inside Anomali's ThreatSteam as Context based Enrichment for Domain entity.