
    SophosLabs Intelix

    Sold by: SophosLabs 
    Deployed on AWS
    Powered by machine learning, decades of threat research, and petabytes of intelligence, SophosLabs Intelix gives your app superpowers to identify, classify, and prevent threats. Designed for easy integration into any application, augmenting your cybersecurity is only an HTTP request away.
    4.3

    Overview

    SophosLabs Intelix is a cloud-based threat intelligence and threat analysis platform, enabling programmers to directly tap into the technology and intelligence behind Sophos products through RESTful APIs.

    Intelix is based on petabytes of information about the threat landscape, machine learning, and the latest static and dynamic analysis techniques. Leverage first-class protection only available from the cloud to easily identify known and potential threats and derive verdicts and rich threat intelligence reports in seconds.

    Intelix provides four Easy-to-Use Services

    Cloud Lookups: Quickly identify known threats via direct access to the latest SophosLabs threat intelligence; query using suspect malware file hashes, URLs, IPv4 addresses, or Android APKs.

    Static File Analysis: Generate intelligence, harnessing the power of multiple machine learning models, global reputation, deep file scanning, and more without executing the file.

    Deep analysis of web content by submitting the HTML file and URL to understand both security verdict and content categorization.

    Dynamic File Analysis: Detonate files in our sandbox using bleeding-edge analysis and detection techniques for unmatched visibility into malicious files.

    Static URL Analysis: Generate intelligence for a URL without ever visiting the page, using ML and hosting information (e.g. DNS and SSL details) to predict sites that are malicious.

    Support is provided via StackOverflow. Tag questions with "sophoslabs-intelix".

    Highlights

    • Harness the power of 30-plus years of SophosLabs experience in threat analysis and research
    • Leverage SophosLabs threat intelligence services actively used in Sophos products
    • RESTful APIs, with easily decomposable JSON responses

    Details

    Delivery method

    Deployed on AWS
    Pricing

    SophosLabs Intelix

    Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    Usage costs (14)

    Dimension                                               Cost/unit
    File hash lookup free tier (5000 requests/month)        $0.00
    File hash lookup                                        $0.002
    URL category lookup free tier (5000 requests/month)     $0.00
    URL category lookup                                     $0.002
    IP category lookup free tier (5000 requests/month)      $0.00
    IP category lookup                                      $0.002
    Android APK lookup free tier (5000 requests/month)      $0.00
    Android APK lookup                                      $0.002
    Static file analysis free tier (500 requests/month)     $0.00
    Static file analysis                                    $0.02

    Vendor refund policy

    We do not currently support refunds, but you can cancel at any time.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Support

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Accolades

    Top 10 in Security, Storage
    Top 100 in Data Analytics

    Overview

    AI generated from product descriptions
    Cloud-Based Threat Intelligence Access
    Direct access to SophosLabs threat intelligence database through RESTful APIs for querying malware file hashes, URLs, IPv4 addresses, and Android APKs
    Static File Analysis
    Machine learning-based file analysis without execution, incorporating multiple ML models, global reputation scoring, and deep file scanning to generate threat intelligence
    Dynamic File Analysis
    Sandbox-based file detonation using advanced analysis and detection techniques to provide visibility into malicious file behavior
    Static URL Analysis
    URL threat assessment using machine learning and hosting information including DNS and SSL details to predict malicious sites without visiting the page
    Web Content Analysis
    HTML file and URL submission for security verdict determination and content categorization analysis
    Multi-Storage Platform Support
    Malware scanning across Amazon S3, Amazon EBS, Amazon EFS, and Amazon FSx for object, block, and file storage environments.
    Multiple Scanning Engines
    Support for Sophos, CSS Premium, and CSS Secure engines that can be used individually or simultaneously to optimize detection accuracy and performance.
    Flexible Scanning Models
    Event-based scanning on upload, retroactive scanning on-demand or scheduled, and API-based scanning before write operations for migrations and application workflows.
    In-Tenant Deployment Architecture
    Installation and operation within customer AWS accounts with data remaining in the specified region, supporting private VPC endpoints and linked account management.
    Automated Response and Remediation
    Automated quarantine, tagging, and deletion of detected malware with integration to downstream workflows, alerts, and enforcement policies through object tagging.
    Indicator of Compromise Lookup
    Query threat intelligence database using malware file hashes, domains, URLs, and IPv4 addresses to identify known malicious indicators with comprehensive metadata including threat categories, severity scores, CVE information, malware family names, and threat actor details.
    Known-Good Value Filtering
    Check suspected indicators against known-good values database to identify benign entities such as common Windows system files, well-known DNS servers, and CDN IP addresses to reduce false positive alerts.
    WHOIS Domain Registration Lookup
    Retrieve WHOIS registration data for domains to verify domain ownership and registration details for threat investigation and phishing scenario mitigation.
    Real-Time Threat Intelligence Updates
    Access continuously updated threat intelligence database sourced from reputable security vendors, threat researchers worldwide, and research communities with rapid identification and categorization of known threats.
    API Integration with Security Infrastructure
    Seamlessly integrate with existing security platforms including TIP, SIEM, and SOAR systems through documented API endpoints with sample code for minimal implementation effort.

    Contract

    Standard contract
    No
    No
    No

    Customer reviews

    Ratings and reviews

    4.3 (15 ratings)
    5 star: 47%
    4 star: 46%
    3 star: 7%
    2 star: 0%
    1 star: 0%
    0 AWS reviews | 15 external reviews
    External reviews are from G2 and PeerSpot.
    Kendall N G

    Automated sandbox analysis has transformed threat hunting and now cuts investigation time

    Reviewed on Jun 20, 2026
    Review provided by PeerSpot

    What is our primary use case?

    SophosLabs Intelix serves as my primary tool for advanced threat intelligence and deep analysis of suspicious files, URLs, and IPs. Teams use it to detect zero-day threats, enrich investigations, and automate security workloads, making day-to-day threat hunting faster and more reliable.

    What is most valuable?

    I used SophosLabs Intelix for deep analysis and workflow automations. For example, using Intelix Sandbox Detonations, we uploaded a file and within minutes received a detailed behavior report showing its attempt to contact a known malicious IP and drop a secondary payload.

    When I used the Sandbox detonations and received that detailed behavior report, it provided immediate clarity on the threat, which accelerated our investigation. SophosLabs Intelix enriched the alert with context we could act on right away, and the automated workflow contained the issues within minutes, saving our team hours and keeping us ahead of attacks.

    In my daily work, SophosLabs Intelix helps us triage alerts faster through enriching investigations automatically. Sandbox analysis provides immediate clarity on suspicious files, while automated workflow handles repetitive lookups. It has become a core part of our routine, saving hours and allowing us to focus on higher-value security tasks.

    The features that stand out most to me about SophosLabs Intelix are Sandbox Detonation and automated enrichment. The Sandbox provides immediate clarity on suspicious files, while enrichment adds context we can act on right away. The workflow automation also saves us hours by pushing verdicts directly into our SIEM. Together, these features make SophosLabs Intelix a core part of my daily work.

    SophosLabs Intelix has positively impacted our organization by making investigations faster, more accurate, and less resource-intensive. Using Sandbox Detonation and automated enrichment could cut investigation time by up to 40 percent, giving analysts immediate clarity on suspicious files.

    The 40 percent reduction in investigation time has been significant for us. It has eased the team's workloads, reduced alert fatigue, and accelerated containment so incidents are resolved in under an hour instead of half a day. Overall, it makes our response sharper and frees analysts to focus on proactive security work.

    What needs improvement?

    SophosLabs Intelix has been effective, but I would prefer to see more customization for reports and third-party integration. The UI could also be more intuitive, and alert fine-tuning would help tailor it to our environment.

    I rated it eight out of ten because of reporting customization. The dashboard could use more customization for compliance and executive reporting. Additionally, UI improvements or third-party integrations would be beneficial.

    For how long have I used the solution?

    I have been using SophosLabs Intelix for approximately one year.

    What do I think about the stability of the solution?

    SophosLabs Intelix AI governance and security is strong because they combine expert-led threat intelligence, strict privacy controls, and responsible AI practices. The platform balances deep learning detection with generative AI while ensuring customer data is handled securely and transparently.

    I have found SophosLabs Intelix AI outputs to be accurate and reliable. Sandbox reports consistently provide clarity, and automated enrichment makes alerts actionable right away. The verdicts are stable enough to trust in triage and containment decisions, though reporting customization could be improved.

    What do I think about the scalability of the solution?

    SophosLabs Intelix is very scalable.

    How are customer service and support?

    Customer support has been great for me.

    What was our ROI?

    I consider the money saved because the service is faster than a human or the staff of the IT department.

    What's my experience with pricing, setup cost, and licensing?

    The pricing and cost structure is uncertain. I am familiar with licensing aspects, but I am not entirely certain about the overall pricing.

    Which other solutions did I evaluate?

    I did not purchase SophosLabs Intelix through the AWS Marketplace.

    What other advice do I have?

    If you are considering SophosLabs Intelix, my advice is to focus on how it can streamline investigation and integrate into the existing workflow. For example, I recommend starting with the Sandbox analytics, analysis, and automated enrichment. Sandbox reveals truth, AI guides swift containment, and workflows flow with ease. I rated this product eight out of ten.

    Information Technology and Services

    High Fidelity Threat Intelligence

    Reviewed on Jan 16, 2024
    Review provided by G2
    What do you like best about the product?
    They provide threat classification and deep analysis for known clean and malicious objects. It's easy to use and is effective and efficient and fast. I have frequently used it because of its efficiency.
    What do you dislike about the product?
    There is nothing to dislike about SophosLabs Intelix.
    What problems is the product solving and how is that benefiting you?
    I have used Sophos products such as firewall and email to submit suspicious files to Intelix for deep analysis to accurately detect zero-day threats.
    E-Learning

    Threat Intelligence

    Reviewed on Jan 16, 2024
    Review provided by G2
    What do you like best about the product?
    It provided threat classification and deep analysis for known clean and malicious objects. It was easy to use and implement and was fast. I have used it frequently because of it being easy to use and efficient.
    What do you dislike about the product?
    There is nothing to dislike about SophosLabs Intelix
    What problems is the product solving and how is that benefiting you?
    Threat hunters and security analysts rely on protection and detection technology to review and investigate suspicious behaviour. I have done detailed analysis on the above problem using Sophos products.
    Financial Services

    Threat intelligence

    Reviewed on Jan 16, 2024
    Review provided by G2
    What do you like best about the product?
    It provided threat classification and deep analysis of known clean and malicious objects including webpage and IP addresses. It is also easy to use and is fast. It is easy to implement.
    What do you dislike about the product?
    I don't dislike anything about SophosLabs Intelix.
    What problems is the product solving and how is that benefiting you?
    I am using SophosLabs Intelix for threat intelligence. I used products such as Sophos firewall and Sophos email and other products to submit files to Intelix for deep analysis to accurately detect zero-day threats.
    Shagun S.

    Threat intelligence

    Reviewed on Oct 03, 2023
    Review provided by G2
    What do you like best about the product?
    Detailed analysis and provides information about suspicious threat objects and also easy to use
    What do you dislike about the product?
    I don't have something to say about dislike
    What problems is the product solving and how is that benefiting you?
    Detecting of malicious objects