← Threat IntelligenceAnomali ThreatStream

AdequateStrongAdequateAdequate

4.2

Vendors › Threat Intelligence › Anomali ThreatStream

Anomali ThreatStream

Name: Anomali ThreatStream
Rating: 4.2 (200 reviews)
Author: Anomali

Anomali

Founded 2013·US·PE-backed

4.2

Combined score

4.180

Gartner

4.3120

▪ Editorial verdict

Anomali ThreatStream has built the broadest threat feed aggregation in the TIP market: 100 plus pre-integrated OSINT feeds combined with 200 plus premium feeds available through the Anomali Marketplace creates a single normalisation and deduplication layer that eliminates the operational overhead of managing multiple separate feed subscriptions. The ThreatStream AI tiers launched in June 2025 add automated threat analysis that reduces the manual effort required to operationalise the aggregated intelligence.

The limitation is intelligence depth. ThreatStream is primarily an aggregation and management platform. The proprietary intelligence that Recorded Future, Mandiant, and CrowdStrike generate from their own unique telemetry sources is not something ThreatStream produces. Organisations that need both breadth of aggregation and depth of proprietary intelligence will need both platforms.

The verdict: Anomali ThreatStream is right for organisations wanting maximum threat feed aggregation breadth from a single normalisation platform with strong SIEM integration. Organisations wanting deep proprietary intelligence should evaluate Recorded Future or CrowdStrike Falcon Adversary Intelligence.

Last reviewed: May 2026

4.180 reviews

Gartner

4.3120 reviews

Gartner MQ: Niche Player (Gartner TI MQ 2024)

Threat Intelligence assessment

PROTECTIONAdequate

Intelligence depth

3 / 5

Threat actor coverage

4 / 5

OPERATIONSStrong

Workflow integration

5 / 5

Feed freshness

3 / 5

ANALYTICSAdequate

Attribution & analysis

3 / 5

TRUST & ECOSYSTEMAdequate

Source quality & accuracy

3 / 5

Strongest: Workflow integration

Watch out for: Source quality & accuracy

Strengths & limitations

Strengths

●Strong aggregation of 180+ threat feed sources into one platform

●STAXX — free community IOC sharing platform

●Good for organisations standardising on STIX/TAXII across multiple feed sources

Watch out for

●G2 rating lower than category peers — analyst UX cited as dated

●Gartner Niche Player — less innovation than Leaders

●Support quality variable according to reviews

Best for

Enterprises needing a single TIP to aggregate and normalise multiple threat feed sources across STIX/TAXII standards.

Not suitable for: Organisations wanting finished intelligence analysis — ThreatStream aggregates feeds but doesn't produce intelligence.

Compliance coverage

●SOC 2

●HIPAA

●NIST CSF

●PCI-DSS

●GDPR

●ISO 27001

○Essential Eight

○AU Privacy Act

○CMMC

○NIS2

○DORA

○CIS Benchmarks

Switching intelligence

Switching from

Common migration paths based on review data

Manual feed aggregation
MISP (scale-up)

Also considering

Vendors typically shortlisted alongside

← Back to Threat Intelligence Compare with other Threat Intelligence vendors →

Quick facts

Pricing modelper analyst/year; TIP platform licensing

Pricing range$20,000-100,000+/year

Free trialNo

Min seatsNo minimum

Deployment time2-4 weeks

Complexity3 / 5

Pricing transparency2 / 5

AU presenceNo

IRAP assessedNo

Open sourceProprietary

Deployment

ModelsSaaS, On-premises, Hybrid

OS supportCloud-native, On-premises

CloudAWS, Azure

SupportPhone, Email, Dedicated CSM

Data residencyUS, EU

Company

Anomali

Founded 2013 · 200-400 employees · PE-backed

HQ: US

$30M+ ARR est.

Certifications

SOC 2 Type II, ISO 27001, FedRAMP

Integrations

SplunkIBM QRadarMicrosoft SentinelCrowdStrikePalo AltoServiceNowMISP180+ threat feeds