Anomali ThreatStream

Prev Next

Anomali ThreatStream Threat Intelligence Platform (TIP) centralizes and refines threat data from hundreds of sources. It automates the process of identifying and prioritizing relevant threats, filtering out noise to deliver actionable intelligence. For detailed information, please refer to the Anomali ThreatStream’s official documentation.

Integration Method: API

Tables: Incident Finding (2005), Detection Finding (2004), Vulnerability Finding (2002)

This integration supports the following events.

Event

Description

Incidents

Returns a list of incidents generated in the system.

Intelligence

Returns a list of threat intelligence.

Vulnerabilities

Returns a list of vulnerabilities.

This integration supports the following versions.

Anomali ThreatStream API Version

V1 (Incidents, Vulnerabilities), v2 (Intelligence)

Note:

Anomali ThreatStream doesn’t follow a traditional versioning system. Instead, it is a continuously updated cloud service. As of the preparation of this document, the latest update was in 2025.

Prerequisites

  • The user should have access to the Anomali ThreatStream platform.

  • The user should have access to DataBee console.

Configuration Overview

  1. Generate an Email Address and API Token from Anomali ThreatStream platform to access the APIs.

  2. Add the Anomali ThreatStream data feed in the DataBee console with the parameters below.

    DataBee Parameter

    Anomali ThreatStream Parameter

    Access Key

    Email Address

    Secret Key

    API Key

    API Base URL (<instance>)

    Base URL

Anomali ThreatStream Configuration

  1. Sign in to the Anomali ThreatStream platform and copy and save the Email Address for later use.
     

  2. Navigate to settings on top right corner.
     

  3. Click on Reveal to unhide the API Key.
     

  4. Copy the API Key and save it for later use.
     

  5. Navigate to TAXII and copy and save the TAXII 1.x URL for later use.
     

DataBee Configuration

To configure the data source,

  1. Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
     

  2. Search for the Anomali ThreatStream and click on it as shown below.
     Image download failed.

  3. Click on the API Ingest option for collection method.
     

  4. Enter feed contact information and click Next.
     

  5. In the configuration page, confirm the following:

    • Authorization Method: Custom API Key

    • API Base URL: Replace <instance> with the Base URL that DataBee will interact with.

    • Access Key: Enter the saved Email Address.

    • Secret Key: Enter the saved API Key.

    • Event Types: Preselected for all the event types that integration pulls.
       

  6. Click Submit.

Troubleshooting Tips

  • Ensure Email Address and API Keys are pasted correctly. Ensure no spaces or unexpected characters are included and reconfigure the DataBee feed.