
Anomali ThreatStream Integration


This integration package allows you to correlate all data coming into the Elastic Stack with threat intelligence acquired from Anomali ThreatStream. The integration is built on the ThreatStream REST API and regularly pulls the latest list of IOCs into Logstash dictionaries, which are used to enrich data during ingestion. Examples include looking for C2 IP, Malware IP, Phishing, APT, URL, Domain and Hash matches. Basic quantity metrics are automatically calculated for the ingested IOCs and their types. The content includes configs for Logstash, dashboards for Kibana, a Python script to interact with the Anomali API, an Elasticsearch index template and an installation guide.