Security Consultant at a tech vendor with 10,001+ employees
Real User
Top 20
May 22, 2026
My main use case for Anomali in my organization is threat intelligence. We use threat intelligence with Anomali in my day-to-day work to query feeds. What we do is query those feeds looking for all kinds of indicators of compromise: IP, URL, and other indicators of compromise. They are evaluated according to the score given by Anomali, and we also do other processing for those indicators, validations for those indicators. After that analysis, they are integrated with the different security controls: firewalls, IPS, proxy, among others. We also use it for hunting topics and security bulletins.
Lead Cyber Threat Intelligence Incident Response Engineer & Security Engineer at a retailer with 10,001+ employees
Real User
Top 10
May 21, 2026
My main use case for Anomali is that it helps me with intelligence gathering and dark web monitoring. It has good functionality of integration with other solutions like Google Mandiant and Flashpoint, which are other CTI solutions. It also integrates with other SIEM solutions such as Splunk, allowing us to push all the indicators of compromise and IOCs to the SIEM solution. We can customize based on the confidence score of this indicator; for instance, if the confidence score is over 75, we push it to Splunk for real-time sightings within the network. I think it's one of the awesome tools I've worked with to date. A specific example of how I've used Anomali for intelligence gathering or integration with Splunk is that Anomali captures all the latest intel from various sources, whether forums, open sources, articles published on social media, or researchers posting their findings in their blogs. It collects all the TTPs, IOCs, and captures them to publish within Anomali. We push those indicators to Splunk via an API-based integration for real-time checks within the network if there are any sightings or hits. Regarding my main use case with Anomali, while much of it is confidential, one unique capability is Anomali's TAXII/STIX-based integration with different platforms. For instance, we recently integrated with the CISA platform run by the US government, which provides us with the latest advisories. They push all the results into Anomali, creating a single UI that helps us avoid jumping into various sources to find intel, which I think is a unique feature of Anomali.
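The first two reviews describe the same operational pipeline: score the indicators a platform returns, validate and deduplicate them, then push the survivors both to a SIEM (Splunk, filtered on a confidence score over 75) for sightings matching and to enforcement controls such as firewalls and proxies. The following is an added example, not code from the reviewers or from Anomali, that implements that pipeline in plain Python over constructed indicators and constructed proxy log lines. The indicator dict layout, the threshold constant, the non-routable exclusion ranges, the CSV lookup columns and the `key=value` log format are all assumptions made for the example; a real deployment would read the indicators from the platform's API and load the lookup into the SIEM.

```python
import csv
import io
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample indicators. The dict layout (type, value, confidence 0-100,
# source) is an assumption for this example, not Anomali's real export schema.
SAMPLE_INDICATORS = [
    {"type": "ip", "value": "203.0.113.45", "confidence": 90, "source": "feed-a"},
    {"type": "ip", "value": "10.0.0.7", "confidence": 95, "source": "feed-b"},        # RFC 1918: never block at the perimeter
    {"type": "ip", "value": "198.51.100.9", "confidence": 60, "source": "feed-a"},     # scored too low
    {"type": "url", "value": "http://malicious.example/payload", "confidence": 80, "source": "feed-c"},
    {"type": "url", "value": "not a url", "confidence": 99, "source": "feed-c"},       # malformed feed entry
    {"type": "domain", "value": "bad.example", "confidence": 75, "source": "feed-a"},  # exactly 75: not "over 75"
    {"type": "ip", "value": "203.0.113.45", "confidence": 70, "source": "feed-d"},     # duplicate from a second feed
]

# Constructed proxy log lines for the sightings check (key=value fields).
SAMPLE_LOG_LINES = [
    "2026-05-21T10:00:01Z proxy src=192.168.1.20 dst=203.0.113.45 action=allow",
    "2026-05-21T10:00:02Z proxy src=192.168.1.21 url=http://malicious.example/payload action=allow",
    "2026-05-21T10:00:03Z proxy src=192.168.1.22 dst=198.51.100.9 action=allow",
]

CONFIDENCE_THRESHOLD = 75  # the review pushes indicators scored over 75

# Ranges that must never reach a perimeter blocklist. Assumed minimal list
# (RFC 1918, loopback, link-local); extend it to suit the environment.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$", re.IGNORECASE)


def is_valid_indicator(ind):
    """Syntactic validation: reject values that would only add noise or break a control."""
    kind, value = ind["type"], ind["value"]
    if kind == "ip":
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            return False
        return not any(addr in net for net in NON_ROUTABLE)
    if kind == "url":
        parsed = urlparse(value)
        return parsed.scheme in ("http", "https") and bool(parsed.netloc)
    if kind == "domain":
        return DOMAIN_RE.fullmatch(value) is not None
    return False


def deduplicate(indicators):
    """Merge the same (type, value) seen in several feeds, keeping the highest confidence."""
    best = {}
    for ind in indicators:
        key = (ind["type"], ind["value"])
        if key not in best or ind["confidence"] > best[key]["confidence"]:
            best[key] = ind
    return list(best.values())


def select_for_push(indicators, threshold=CONFIDENCE_THRESHOLD):
    """Validate, deduplicate, then keep only indicators scored strictly over the threshold."""
    valid = [ind for ind in indicators if is_valid_indicator(ind)]
    return [ind for ind in deduplicate(valid) if ind["confidence"] > threshold]


def splunk_lookup_csv(indicators):
    """Render the selection as a CSV lookup the SIEM can match events against."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["indicator_type", "indicator_value", "confidence", "source"])
    for ind in indicators:
        writer.writerow([ind["type"], ind["value"], ind["confidence"], ind["source"]])
    return buf.getvalue()


def firewall_blocklist(indicators):
    """Only IP indicators are meaningful to a firewall; URLs and domains belong on the proxy."""
    return [ind["value"] for ind in indicators if ind["type"] == "ip"]


def _field_values(line):
    # Compare whole field values, not substrings, so 203.0.113.4 does not match 203.0.113.45.
    return {tok.split("=", 1)[-1] for tok in line.split()}


def match_sightings(indicators, log_lines):
    """Return (log line, indicator) pairs where a pushed indicator appears in the logs."""
    hits = []
    for line in log_lines:
        fields = _field_values(line)
        for ind in indicators:
            if ind["value"] in fields:
                hits.append((line, ind))
    return hits


if __name__ == "__main__":
    selected = select_for_push(SAMPLE_INDICATORS)
    print(splunk_lookup_csv(selected))
    print("firewall:", firewall_blocklist(selected))
    for line, ind in match_sightings(selected, SAMPLE_LOG_LINES):
        print("sighting:", ind["value"], "<-", line)
```

Validation runs before the threshold check on purpose: a malformed or internal-range entry with a high score is the case that does the most damage if it reaches a blocklist, so confidence alone is not a sufficient gate. The exact-field comparison in the sightings check is what keeps a pushed IP from matching a longer address that merely shares a prefix.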
Senior Cyber Threat Hunter at a financial services firm with 10,001+ employees
Real User
Top 20
Apr 28, 2025
I use Anomali for threat hunting, threat collection, operationalization of intelligence, such as indicators of compromise (IOCs), and dissemination of reports for report writing and documentation.
Managing Member at a tech vendor with self employed
Real User
Mar 12, 2023
Our primary use case for this solution is as a threat intelligence platform. We stream various threat feeds into this platform. We also make correlations between the feeds to duplicate the data, aggregate it and then present it to our security solutions for advanced security.
Anomali delivers user-friendly cyber threat intelligence, offering concise insights with robust capabilities for evolving scenarios.
Anomali offers a powerful platform for cyber threat intelligence, allowing organizations to efficiently stream and analyze threat feeds. It excels in threat modeling, prioritizing intelligence, and supporting large-scale automation through its API, fostering a proactive security approach.
What are Anomali's Key Features?
Threat Intelligence: Provides concise and...