Anomali ThreatStream

The Polarity - Anomali Threatstream integrations give a user an immediate understanding of their threat landscape when looking at indicators. Polarity has two integrations with Anomali Threatstream: one that enables a user to see the threat information on indicators, and one to bulk submit indicators to Anomali, enabling security analysts across teams to contribute and gain immediate awareness. Polarity - Anomali Threatstream provides context around indicators in Threatstream. Polarity Anomali Threatstream IOC Submission enables analysts to bulk submit IOCs to Threatstream.

Anomali Threatstream Solutions:

Security Operations, Threat Hunting, Incident Response

Configuring Anomali ThreatStream

This integration requires you to complete a few extra steps in order to use it.

In order to use the Polarity - Anomali Threatstream integrations, a username, API Key, and Anomali server URLs are required.

Both Anomali Threatstream and the IOC submission integrations require the same configuration options.

Configuration Options

Indicator Types - IPs, Emails, Hashes, Domains, URLs

API Server URL - The URL for your ThreatStream API server, which should include the scheme (i.e., http, https) and port if required. This is separate from the UI used to access Threatstream.

UI Server URL - The URL for your ThreatStream UI server, which should include the scheme (i.e., http, https) and port if required.

Username - Username of the Threatstream user you are trying to authenticate as.

API Key - API Key for the provided user. To create an API key within Anomali, please navigate to your account to generate the key.

Minimum Severity Level - Severity level required for indicators to be displayed. The lower the severity level, the more indicators will be displayed.

Minimum Confidence Level - Confidence level required for indicators to be displayed. The lower the confidence level, the more indicators will be displayed.

Search My Organization - Only your organization’s data will be searched if this option is selected.

Active Threats Only - If selected, Polarity will only search for “active” indicators.

Allow IOC Deletion - If selected, analysts running the IOC Submission integration can delete indicators from Threatstream.