    Anomali

    Sold by: Anomali 
    Intelligence driven, cloud-native extended detection and response (XDR) that elevates defense capabilities and increases return on security investments.

    Overview

    The Anomali Platform is fueled by big data management, machine learning, and the world's largest intelligence repository, to automatically correlate ALL installed security telemetry against active threat intelligence to stop breaches and attackers in real-time. By cutting through the noise and surfacing relevant threats, the Anomali Platform provides security teams with the tools and insights needed to detect threats, make informed decisions, and defend against today's sophisticated attacks.

    Anomali ThreatStream automates the threat intelligence collection and management lifecycle to speed detection, streamline investigations and increase analyst productivity. ThreatStream easily integrates into existing security infrastructure to operationalize threat intelligence and improve organizational efficiencies.

    Highlights

    • Interactive, simplified dashboards for visualization of IOCs
    • Global intelligence feed ROI optimizer assesses based on score, quality, and organizational relevance
    • MITRE ATT&CK mapping with immediate view of global threats impacting your organization's security posture

    Details

    Categories

    Delivery method

    Deployed on AWS

    Features and programs

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.

    Pricing

    Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    12-month contract (2)

    Dimension | Description | Cost/12 months
    Anomali Platform | Anomali Platform - 3500 employees / 0.5 TB a day / 6 months storage | $520,000.00
    Threatstream Enterprise | Threatstream annual subscription up to 3,500 employees | $150,000.00

    Vendor refund policy

    All fees are non-cancellable and non-refundable except as required by law.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Resources

    Vendor resources

    Support

    Vendor support

    The Customer Success Organization (CSO) provides customers with 24-hour support and additional services. CSO uses a tiered approach to allow clients to contact Anomali through their assigned operations staff member or via our support portal. With experts in all major client integration solutions and areas of security development, CSO provides clients with the knowledge necessary to address all threat intelligence related inquiries. Support@anomali.com 

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

    Updated weekly
    By Anomali
    By Stream.Security

    Accolades

    Top 25 in Log Analysis

    Overview

    AI generated from product descriptions
    Threat Intelligence Management
    Automated collection and management of threat intelligence using machine learning and big data techniques
    Security Telemetry Correlation
    Real-time correlation of installed security telemetry against active threat intelligence to detect potential breaches
    Threat Detection Visualization
    Interactive dashboards for visualization of indicators of compromise (IOCs) with comprehensive threat mapping
    Intelligence Feed Assessment
    Intelligent scoring mechanism for evaluating global intelligence feeds based on quality, relevance, and organizational impact
    MITRE ATT&CK Framework Integration
    Comprehensive mapping and immediate visibility of global threats aligned with MITRE ATT&CK framework
    Threat Detection Analytics
    Applies behavioral analytics to detect threat actor tactics using Tactic Graphs™ across endpoint, network, and cloud environments
    Security Intelligence Platform
    Leverages 20+ years of attack and threat data from 1400+ incident response engagements to recognize adversary behavior
    Identity Threat Protection
    Detects and responds to identity threats, protecting against 100% of MITRE ATT&CK Credential Access techniques
    Log Correlation and Retention
    Provides extended log retention, search query capabilities, and automated threat intelligence correlation
    Multi-Environment Monitoring
    Continuously monitors endpoint, network, and cloud environments for security misconfigurations and potential risks
    Cloud Detection Technology
    Agentless real-time security detection system using continuous behavior and configuration tracking
    Threat Detection Framework
    Cloud threat detection utilizing MITRE ATT&CK framework with machine learning-driven analysis
    Security Exposure Analysis
    Instant security and compliance implications detection for configuration changes across cloud environments
    Behavioral Tracking
    Continuous monitoring and modeling of cloud environment using proprietary CloudTwin technology
    Multi-Source Correlation
    Dynamic visual attack storyline connecting workloads, network data, cloud identities, and audit logs

    Security credentials

    Validated by AWS Marketplace
    FedRAMP
    GDPR
    HIPAA
    ISO/IEC 27001
    PCI DSS
    SOC 2 Type 2
    No security profile
    -
    -
    -
    -
    No security profile

    Contract

    Standard contract
    No
    No

    Customer reviews

    Ratings and reviews

    0 ratings
    5 star: 0%
    4 star: 0%
    3 star: 0%
    2 star: 0%
    1 star: 0%
    0 AWS reviews | 3 external reviews
    Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
    ChrisCollins

    Enables automated threat intelligence sorting and enhances proactive threat hunting capabilities

    Reviewed on May 12, 2025
    Review provided by PeerSpot

    What is our primary use case?

    We use Anomali as our threat intelligence platform for a variety of threat intelligence feeds that we subscribe to, needing a more central place to store everything so we can correlate which feeds have seen this indicator before and which haven't. This was the biggest use case for us to solve, which is why we went after it. It is definitely more than just a threat intel platform where we store all these indicators; it's almost very much a threat hunting tool that allows analysts to do investigations on those indicators and make connections, looking for other related things that we didn't necessarily see. It allows us to take a more proactive kind of approach.

    What is most valuable?

    The API is our most important feature. We are very much into automation, so being able to handle things programmatically at scale has been immensely powerful for us. We've evolved beyond just the two use cases I mentioned. One of the things we decided to do is utilize the Anomali API to push everything into that platform after sorting and normalizing everything. We now have a very robust collection of threat intelligence based on the capabilities that Anomali provides. It's very adaptable; you can do a lot with it, making it a very powerful tool.

    What needs improvement?

    There is always room for improvement, as there are always new ideas. They have been dabbling with some AI functionality built into the platform, which is still very new, so there's a lot of improvement that could happen there, especially as the technology enhances.

    For how long have I used the solution?

    I have been using Anomali for about 7 or 8 years.

    What was my experience with deployment of the solution?

    The initial setup depends on which kind of deployment you choose; they offer both an on-prem solution and a Cloud deployment. If you choose the Cloud deployment, there's nothing you have to do; you just log in and start using it. It's pretty seamless. If you're using an on-prem setup, they provide an appliance for enterprise customers, and after subscribing, they ship you a device that you can set up by following their setup guide, which provides all the details and instructions.

    What do I think about the stability of the solution?

    Stability has been pretty seamless so far, but we've run into some issues more recently due to changes in how some platform functions operate. It doesn't seem they're considering enough how customers use those functions as they change them, and they don't give us enough time to adapt to those changes. For example, while Microsoft allows ample time for users to adapt to deprecated features, Anomali only gave us three weeks before switching, so they need to be more cognizant of customer use cases from their engineering side.

    What do I think about the scalability of the solution?

    The scalability is massive, allowing us to store millions of indicators. Unless you have a threat intelligence platform, you can't scale to the level Anomali offers, especially compared to trying to do it in a SIEM tool such as Splunk or Sentinel. It seems almost unlimited; I'm sure there's a limit, but they do a good job of never allowing us to hit that limit.

    How are customer service and support?

    Support in the past has been top-notch, but recent trends indicate that it has taken a back seat, as we often don't get answers for days. We'll receive excuses such as "I was out of the office" or "I forgot to follow up on this, I apologize." While they apologize, it doesn't seem very professional how they're handling support anymore.

    How would you rate customer service and support?

    Positive

    What other advice do I have?

    You have to have at least a threat intelligence background or a SOC analyst background to use it, as that's the information you'll dig around with in there. If you don't have that kind of knowledge, it probably can be a little hard to use, but they do provide training. They offer training not only for how to use the platform but also some basic threat intelligence training to explain what these things are and what these terms mean.

    My company is a customer of Anomali.

    I would recommend it to other people.

    I would advise making sure you don't pick it without testing other products and have your use cases well thought out and documented before testing, so you know it will solve the problems you're trying to address. Keep an open mind with it and realize that whatever you can dream of, you can probably do with the platform.

    Overall, I would rate Anomali an eight out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Sai Puneeth Gundamraju

    Effective threat modeling and intelligence prioritization streamline threat hunting

    Reviewed on Apr 28, 2025
    Review provided by PeerSpot

    What is our primary use case?

    I use Anomali for threat hunting, threat collection, operationalization of intelligence, such as indicators of compromise (IOCs), and dissemination of reports for report writing and documentation.

    What is most valuable?

    The most valuable aspect of Anomali is the threat modeling capability. It collects threat intel documents and IOCs and allows us to tailor it to our needs and prioritize intelligence requirements (PIRs). This enables us to receive prioritized threat intelligence.

    What needs improvement?

    An area for improvement is the intelligence sharing within the Anomali community. The tagging system can be inconsistent, as any company can use any tags for their reporting. Combining all aliases into a coherent solution would be beneficial, as we had to review each individual source ourselves. This would improve intelligence collection across Anomali.

    For how long have I used the solution?

    I have been using Anomali for the last six years.

    What was my experience with deployment of the solution?

    The initial deployment of Anomali was straightforward and went well.

    What do I think about the stability of the solution?

    I have not experienced any downtime with Anomali's cloud platform. It has been scaled very well.

    What do I think about the scalability of the solution?

    The scalability of Anomali is impressive, as indicated by the smooth operation of its cloud platform.

    How are customer service and support?

    The technical support at Anomali is excellent. They respond to inquiries within 24 to 48 hours.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I have used Recorded Future and Mandiant Advantage, which they bought from FireEye, in the past.

    How was the initial setup?

    The initial setup of Anomali was easy and took about three months to deploy. The full operationalization took around three quarters to one year.

    What about the implementation team?

    A dedicated engineer is needed for deployment, but for integrations and other tasks, multiple teams might be involved.

    Which other solutions did I evaluate?

    I have evaluated Recorded Future and Mandiant Advantage as alternatives to Anomali.

    What other advice do I have?

    For new users, I recommend taking the training provided by Anomali as it is very well articulated. I advise reading the user manual and taking the instructor-led training sessions from the customer support success manager. This will effectively kickstart the journey. I rate the Anomali solution a solid nine out of ten.

    Which deployment model are you using for this solution?

    Hybrid Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Information Technology and Services

    Vendor Agnostic largest Threat Intel Database

    Reviewed on Oct 12, 2021
    Review provided by G2
    What do you like best about the product?
    Anomali is one of those Vendors which gives the complete Threat Intel regardless of Vendor. It has 15-16 vendors' free threat intel along with the other Top vendor's Threat Intels. Even customers can create their own Intel and share it with others.
    What do you dislike about the product?
    It should be a bit cost-friendly to support all types of customers. Also, it should support offline Threat downloads.
    What problems is the product solving and how is that benefiting you?
    Nowadays, most customers have many devices/solutions in their Infra, and so much traffic is flowing in. But we don't know which traffic is good or which traffic is bad. So we need some solution that can give us the Intel to filter on that basis.
    Recommendations to others considering the product:
    If any company is looking for a consolidated threat intel solution that provides Threat Intel from multiple vendors, which include some free subscribers as well, Anomali ThreatStream is the best SaaS-based solution. We can create our threat intel as well and share it with others.