Anomali Integration with Threater

Anomali and Threater have joined forces to make threat intelligence more actionable, automated, and scalable.

Threater and Anomali have partnered to make threat intelligence more actionable, automated, and scalable. This powerful integration enables organizations to strengthen network defense by proactively using threat intelligence from the Anomali Threat Platform and the Threater platform to block IP and domain-based threats before they hit your network.

The ability to take action on threat intelligence is critical to maximizing its value. However, organizations often face challenges integrating threat intelligence into traditional network security controls like firewalls. Most firewalls have limited capacity to integrate third-party threat intelligence indicators, and managing external blocklists in firewalls is complex and time consuming.

Alternate Threater logo
anomali logo


Strengthen network defense by taking action with Anomali threat intelligence to prevent inbound and outbound connections to malicious IPs and domains.

Reduce staff workload by automating IP and domain block listing at scale.

Maximize threat intelligence ROI by making it actionable and increase the ROI and efficiency of existing nextgeneration firewall investments.


Threater integrates threat intelligence from the Anomali Threat Platform and other sources to block up to 150 million known malicious IPs and domains before they hit your network.

Anomali threat intelligence is automatically updated in the Threater platform, ensuring always-current network protection and reduced manual workloads.

Threat intelligence-driven context from the network edge via the Threater platform enhances the value of Anomali threat intelligence with increased visibility into malicious IP and domain activity on your network.

Threater Provides Smart, Simple, & Scalable Network Security Everywhere

Threater blocks known bad traffic at scale using a combination of simple, innovative technology and best-in-class threat intelligence. We provide 30 million “out of the box” threat indicators from the world’s best sources and offer over 50 point-and-click integrations and connectors: ISACs, ISAOs, Threat Intelligence Platforms (TIPs), SIEMs, SOARs, or any other IP or domain based source.

Policy enforcement and blocking is handled by our Threater appliances, which can block up to 150M threat indicators in real-time with no latency. Threater inspects inbound and outbound traffic and makes simple, policy-based allow or deny decisions based on threat intelligence (IP reputation, block lists, allow lists), GEO-IP, and/or Autonomous System Number (ASN).

Threater can be flexibly deployed on physical, virtual or cloud appliances, as a cloud-based service or any combination of these. Regardless of deployment, we can protect your users and networks everywhere and our cloud-based Management Portal gives you a central point of visibility and control.

As data flows through Threater appliances, the Threater platform generates a significant amount of data that helps you analyze your security posture, identify and remediate threats in real time, and easily solve for false positives. Non-PII metadata is sent to our Global Management Center to allow quick analysis of your security posture and detailed data is sent to any SIEM, Syslog server or security analytics tool of your choice for further detailed analysis.

The Threater-Anomali Integration — Using Threat Intelligence to Proactively Block Threats at Scale

The Threater platform can easily integrate and take action using threat intelligence from the Anomali Platform blocking connections to/from known malicious IPs and domains before they hit your network. Users can easily create automated IP and domain blacklists based on threat indicators from the Anomali platform. Additionally, using the “out-of-the-box” Anomali plugin available in the Threater cloud-based Management Portal, users can integrate IP indicators from Anomali into Threat Lists in the Threater platform. Threat Lists are categorized and scored IP indicators. Users can choose the Categories and Confidence Scores that are integrated into Threater. Indicators, Categories, and Scores are dynamically updated in real-time.

Anomali IPv4 Configuration Screenshot

The integration of the Anomali and Threater platforms strengthens network security, reduces manual workloads, and maximizes threat intelligence ROI by making it actionable.

Want to Learn More?
Contact Us.

Threater welcomes your questions. Please fill out the Contact Form and a Threater team member will reply within one business day.