The best features Anomali offers are that it acts as an application that pulls data from different solutions. As I mentioned earlier, we utilize Mandiant, Flashpoint, and other CTI solutions. Using Anomali, I push all the results into it, providing a single UI to see what Flashpoint and Google Mandiant are providing rather than jumping into different platforms, which can be time-consuming. Anomali helps us stay on a single platform and provides the required results. The user interface in Anomali is very good. I have worked in Anomali for five years and think they have a great UI for writing queries and finding specific results much more efficiently than in other solutions where you need to scroll down through different widgets. Anomali has a query-based language, similar to SQL, that helps us dig out specific results, whether vulnerability-related or concerning threat actors and TTPs. We can also perform string-based searches. I think it's an awesome feature. Furthermore, regarding integration, Anomali has capabilities to integrate with different downstream applications such as Palo Alto, allowing us to create playbooks to block domains, URLs, or IPs directly within the firewall. Anomali has positively impacted my organization by reducing the time required to find intel specific to our needs. We can create our own queries specific to our organization and pull out results related to any posts within the dark web or any activities from threat actors targeting us. This capability enables us to create saved searches that provide exact results. I estimate that Anomali has saved me about 30% of my time.
