
Anomali


Reviews from AWS customer

0 AWS reviews

External reviews

3 reviews from PeerSpot and G2

External reviews are not included in the AWS star rating for the product.


    ChrisCollins

Enables automated threat intelligence sorting and enhances proactive threat hunting capabilities

  • May 12, 2025
  • Review provided by PeerSpot

What is our primary use case?

We use Anomali as our threat intelligence platform for a variety of threat intelligence feeds that we subscribe to, needing a more central place to store everything so we can correlate which feeds have seen this indicator before and which haven't. This was the biggest use case for us to solve, which is why we went after it. It is definitely more than just a threat intel platform where we store all these indicators; it's almost very much a threat hunting tool that allows analysts to do investigations on those indicators and make connections, looking for other related things that we didn't necessarily see. It allows us to take a more proactive kind of approach.

What is most valuable?

The API is our most important feature. We are very much into automation, so being able to handle things programmatically at scale has been immensely powerful for us. We've evolved beyond just the two use cases I mentioned. One of the things we decided to do is utilize the Anomali API to push everything into that platform after sorting and normalizing everything. We now have a very robust collection of threat intelligence based on the capabilities that Anomali provides. It's very adaptable; you can do a lot with it, making it a very powerful tool.

What needs improvement?

There is always room for improvement, as there are always new ideas. They have been dabbling with some AI functionality built into the platform, which is still very new, so there's a lot of improvement that could happen there, especially as the technology enhances.

For how long have I used the solution?

I have been using Anomali for about 7 or 8 years.

What was my experience with deployment of the solution?

The initial setup depends on which kind of deployment you choose; they offer both an on-prem solution and a Cloud deployment. If you choose the Cloud deployment, there's nothing you have to do; you just log in and start using it. It's pretty seamless. If you're using an on-prem setup, they provide an appliance for enterprise customers, and after subscribing, they ship you a device that you can set up by following their setup guide, which provides all the details and instructions.

What do I think about the stability of the solution?

Stability has been pretty seamless so far, but we've run into some issues more recently due to changes in how some platform functions operate. It doesn't seem they're considering enough how customers use those functions as they change them, and they don't give us enough time to adapt to those changes. For example, while Microsoft allows ample time for users to adapt to deprecated features, Anomali only gave us three weeks before switching, so they need to be more cognizant of customer use cases from their engineering side.

What do I think about the scalability of the solution?

The scalability is massive, allowing us to store millions of indicators. Unless you have a threat intelligence platform, you can't scale to the level Anomali offers, especially compared to trying to do it in a SIEM tool such as Splunk or Sentinel. It seems almost unlimited; I'm sure there's a limit, but they do a good job of never allowing us to hit that limit.

How are customer service and support?

Support in the past has been top-notch, but recent trends indicate that it has taken a back seat, as we often don't get answers for days. We'll receive excuses such as "I was out of the office" or "I forgot to follow up on this, I apologize." While they apologize, it doesn't seem very professional how they're handling support anymore.

How would you rate customer service and support?

Positive

What other advice do I have?

You have to have at least a threat intelligence background or a SOC analyst background to use it, as that's the information you'll dig around with in there. If you don't have that kind of knowledge, it probably can be a little hard to use, but they do provide training. They offer training not only for how to use the platform but also some basic threat intelligence training to explain what these things are and what these terms mean.

My company is a customer of Anomali.

I would recommend it to other people.

I would advise making sure you don't pick it without testing other products and have your use cases well thought out and documented before testing, so you know it will solve the problems you're trying to address. Keep an open mind with it and realize that whatever you can dream of, you can probably do with the platform.

Overall, I would rate Anomali an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other


    Sai Puneeth Gundamraju

Effective threat modeling and intelligence prioritization streamline threat hunting

  • April 28, 2025
  • Review provided by PeerSpot

What is our primary use case?

I use Anomali for threat hunting, threat collection, operationalization of intelligence, such as indicators of compromise (IOCs), and dissemination of reports for report writing and documentation.

What is most valuable?

The most valuable aspect of Anomali is the threat modeling capability. It collects threat intel documents and IOCs and allows us to tailor it to our needs and prioritize intelligence requirements (PIRs). This enables us to receive prioritized threat intelligence.

What needs improvement?

An area for improvement is the intelligence sharing within the Anomali community. The tagging system can be inconsistent, as any company can use any tags for their reporting. Combining all aliases into a coherent solution would be beneficial, as we had to review each individual source ourselves. This would improve intelligence collection across Anomali.

For how long have I used the solution?

I have been using Anomali for the last six years.

What was my experience with deployment of the solution?

The initial deployment of Anomali was straightforward and went well.

What do I think about the stability of the solution?

I have not experienced any downtime with Anomali's cloud platform. It has been scaled very well.

What do I think about the scalability of the solution?

The scalability of Anomali is impressive, as indicated by the smooth operation of its cloud platform.

How are customer service and support?

The technical support at Anomali is excellent. They respond to inquiries within 24 to 48 hours.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have used Recorded Future and Mandiant Advantage, which they bought from FireEye, in the past.

How was the initial setup?

The initial setup of Anomali was easy and took about three months to deploy. The full operationalization took around three quarters to one year.

What about the implementation team?

A dedicated engineer is needed for deployment, but for integrations and other tasks, multiple teams might be involved.

Which other solutions did I evaluate?

I have evaluated Recorded Future and Mandiant Advantage as alternatives to Anomali.

What other advice do I have?

For new users, I recommend taking the training provided by Anomali as it is very well articulated. I advise reading the user manual and taking the instructor-led training sessions from the customer support success manager. This will effectively kickstart the journey. I rate the Anomali solution a solid nine out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other


    Information Technology and Services

Vendor Agnostic largest Threat Intel Database

  • October 12, 2021
  • Review provided by G2

What do you like best about the product?

Anomali is one of those vendors which gives the complete threat intel regardless of vendor. It has 15-16 vendors' free threat intel along with the other top vendors' threat intel. Even customers can create their own intel and share it with others.

What do you dislike about the product?

It should be a bit cost-friendly to support all types of customers. Also, it should support offline threat downloads.

What problems is the product solving and how is that benefiting you?

Nowadays, most customers have many devices/solutions in their infra, and so much traffic is flowing in. But we don't know which traffic is good or which traffic is bad. So we need some solution that can give us the intel to filter on that basis.

Recommendations to others considering the product:

If any company is looking for a consolidated threat intel solution that provides threat intel from multiple vendors, which include some free subscribers as well, Anomali ThreatStream is the best SaaS-based solution. We can create our threat intel as well and share it with others.

