Source Integration with Anomali ThreatStream

Source Integration with Anomali ThreatStream

June 15, 2020
Profile Icon

Jason Franscisco

Loginsoft, a leading provider of cyber engineering services for Threat Intel Platform Companies has built the expertise in integrating with Anomali, a leading provider of intelligence-driven cybersecurity solutions.

There are ever growing cyber product companies creating products with multiple API endpoints as threat data sources and proprietary feeds. Feeds alone aren't enough; they also need a way to turn information into actionable intelligence through a technology partner. This is where Loginsoft has built the integration to ingest their source into Anomali using Anomali SDK.

Anomali ThreatStream aggregates and organizes sources from multiple trusted partners, providing diverse threat intelligence within their platform.

Loginsoft's MiTRA Threat Feeds are outcome of its threat hunting research by deploying honeypots for a specific component or an emerging threat from which we analyze the attack patterns, payloads and the threat actors behind it. This curated metadata will be transformed into an actionable Threat Intelligence either to detect or prevent the attacks.

Loginsoft has integrated their threat feed with Anomali Preferred Partner Store (APP Store), which is an unique cyber security marketplace providing instant access to a growing catalog of threat intelligence providers, integration partners and threat analysis tools.


  • Developing Context-Based Enrichments
  • Developing Pivot-Based Enrichments
  • Anomali Enrichments Library (SDK) provides various options to display enrichment data (Example: TextWidget, TableWidget and ChartWidget etc.)
  • Creating Enrichment Bundles after development and testing
  • Submitting ThreatStream Cloud Enrichments for Certification

Entity Types supported by Anomali Enrichments SDK: Domain, IP, Hash, Email, URL, Phrase, Autonomous System Numbers, DNS Name Server Records

Here's a look inside Anomali's ThreatSteam as Context based Enrichment for Domain entity.

Anomali’s ThreatSteam as Context based Enrichment

Here's a look inside Anomali's ThreatSteam for Domain entity as TableWidget for different endpoints:

WhoIs API endpoint

Anomali’s ThreatSteam for Domain entity - WhoIs API endpoint

Passive DNS API endpoint

Anomali’s ThreatSteam for Domain entity - Passive DNS API endpoint

Malware API endpoint

Anomali’s ThreatSteam for Domain entity - Malware API endpoint

Explore Cybersecurity Platforms

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros.

Learn more
white arrow pointing top right

About Loginsoft

For over 16 years, leading companies in Telecom, Cybersecurity, Healthcare, Banking, New Media and more have come to rely on Loginsoft as a trusted resource for technology talent. Whether Onsite, Offsite, or Offshore, we deliver.

Loginsoft is a leading Cybersecurity services company providing Security Advisory Research to generate metadata for vulnerabilities in Open source components, Discovering ZeroDay Vulnerabilities, Developing Vulnerability Detection signatures using MITRE OVAL Language.

Expertise in Integrations with Threat Intelligence and Security Products, integrated more than 200+ integrations with leading TIP, SIEM, SOAR and Ticketing Platforms such as Cortex XSOAR, Anomali, ThreatQ, Splunk, IBM QRadar, IBM Resilient, Microsoft Azure Sentinel, ServiceNow, Swimlane, Siemplify, MISP, Maltego, Cryptocurrency APIs with Digital Exchange Platforms, CISCO, Datadog, Symantec, Carbonblack, F5, Fortinet and so on.

Interested to learn more? Let’s start a conversation.

Book a meeting


Latest Articles

Get practical solutions to real-world challenges, straight from experts who conquered them.

View all our articles

Sign up to our Newsletter