Anomali ThreatStream Threat Intelligence Platform (TIP) centralizes and refines threat data from hundreds of sources. It automates the process of identifying and prioritizing relevant threats, filtering out noise to deliver actionable intelligence. For detailed information, please refer to the Anomali ThreatStream’s official documentation.
Integration Method: API
Tables: Incident Finding (2005), Detection Finding (2004), Vulnerability Finding (2002)
This integration supports the following events.
Event | Description |
---|---|
Incidents | Returns a list of incidents generated in the system. |
Intelligence | Returns a list of threat intelligence. |
Vulnerabilities | Returns a list of vulnerabilities. |
This integration supports the following versions.
Anomali ThreatStream API Version | V1 (Incidents, Vulnerabilities), v2 (Intelligence) |
Note:
Anomali ThreatStream doesn’t follow a traditional versioning system. Instead, it is a continuously updated cloud service. As of the preparation of this document, the latest update was in 2025.
Prerequisites
The user should have access to the Anomali ThreatStream platform.
The user should have access to DataBee console.
Configuration Overview
Generate an Email Address and API Token from Anomali ThreatStream platform to access the APIs.
Add the Anomali ThreatStream data feed in the DataBee console with the parameters below.
DataBee Parameter
Anomali ThreatStream Parameter
Access Key
Email Address
Secret Key
API Key
API Base URL (<instance>)
Base URL
Anomali ThreatStream Configuration
Sign in to the Anomali ThreatStream platform and copy and save the Email Address for later use.
Navigate to settings on top right corner.
Click on Reveal to unhide the API Key.
Copy the API Key and save it for later use.
Navigate to TAXII and copy and save the TAXII 1.x URL for later use.
DataBee Configuration
To configure the data source,
Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
Search for the Anomali ThreatStream and click on it as shown below.
Click on the API Ingest option for collection method.
Enter feed contact information and click Next.
In the configuration page, confirm the following:
Authorization Method: Custom API Key
API Base URL: Replace <instance> with the Base URL that DataBee will interact with.
Access Key: Enter the saved Email Address.
Secret Key: Enter the saved API Key.
Event Types: Preselected for all the event types that integration pulls.
Click Submit.
Troubleshooting Tips
Ensure Email Address and API Keys are pasted correctly. Ensure no spaces or unexpected characters are included and reconfigure the DataBee feed.