Simplify threat intelligence workflows with Feedly & Anomali
15-sec summary
Feedly’s integration with Anomali ThreatStream simplifies and accelerates threat intelligence workflows by directly delivering highly relevant intelligence into your platform.
With this no-code integration, you can:
- Collect relevant and enriched threat intelligence in your AI Feeds and Boards.
- Seamlessly ingest IoCs, CVEs, TTPs, threat actors, and malware data with context into ThreatStream.
- Correlate Feedly and Anomali data to enhance your investigative workflows.
Streamline threat detection and response with enriched, actionable intelligence from Feedly and Anomali.
Anomali’s ThreatStream, a leading threat intelligence platform (TIP), empowers security teams to aggregate, analyze, and act on diverse threat intelligence data. However, irrelevant data or data without context has little value. Relying on open-source or info-sharing feeds in Anomali can introduce noise, overwhelm your analysts, cause alert fatigue, and impede investigations. Feedly now integrates seamlessly with ThreatStream to provide relevant, context-rich feeds that minimize noise, improve analyst productivity, and enable intelligence-informed defenses.
Collect relevant threat intelligence in your AI Feeds and Boards
Feedly AI Feeds scour millions of open sources for relevant articles aligned to your intelligence requirements. These Feeds are fully customizable and collect articles in real time as they are published, so you always have the latest information. The articles are then enriched: entities and objects such as threat actors, IoCs, TTPs, malware, and vulnerabilities are extracted and correlated against the Feedly Threat Graph to understand relationships.
Important articles can be saved to Team Boards for collaboration or reference.
All this data is accessible within the Feedly UI or via the API in rich STIX-formatted JSON.
Seamlessly ingest IoCs, CVEs, TTPs,… with context into ThreatStream
Feedly’s no-code integration with ThreatStream makes ingesting data such as IoCs, CVEs, TTPs, threat actors, and malware easy.
- Generate a Feedly API Token
- Locate the Stream ID of your Feed or Board
- Copy the Stream ID and add it to Anomali
Once connected, you can specify the frequency and the data elements you want to ingest.
Go into your organization’s account settings and generate a Feedly API Token.
Select the three “more” dots within the AI Feed or Board and choose ‘Sharing’.
Scroll down and copy the Stream ID.
Go into your ThreatStream account, select “manage” in the Feedly integration, and paste the Feedly Stream ID to begin receiving relevant intelligence with context from Feedly.
Correlate Feedly and Anomali data to enhance your investigative workflows
Anomali empowers teams to correlate and analyze diverse threat intelligence from Feedly alongside commercial and internal data sources. The enriched, scored, and contextualized data is seamlessly integrated into ThreatStream’s workbench, enabling efficient threat investigations, report generation, and adversary tracking.
Advanced workflows further enhance operations by automatically routing this actionable intelligence to SIEMs, firewalls, and EDR tools, streamlining response times and supporting faster, more informed decision-making.
A malware file hash is ingested from Feedly, enriched with other sources, and assigned a confidence score.
Dive deeper into a threat bulletin with full context.
Minimize noise and enrich data to accelerate threat responses
Feedly AI sharpens the focus to improve the relevance of threat feeds and enriches them with actionable contextual data. The no-code integration with Anomali ThreatStream enables teams to seamlessly ingest and process detailed, comprehensive threat intelligence so your team’s responses are quicker and your defenses are stronger.
Try Feedly Threat Intelligence
The Anomali integration is just one of many ways to automate sharing your collected and prioritized intelligence with your team and tools. Start a free trial to see how Feedly for Threat Intelligence can help you eliminate blind spots, speed up intelligence gathering and sharing, and automate your defenses.