Anomali Reviews

Name: Anomali
Brand: Anomali
Rating: 4.0 (10 reviews)

Vendor: Anomali

4.0 out of 5

10 reviews
90% willing to recommend

Leave a review

What is Anomali?

Anomali delivers user-friendly cyber threat intelligence, offering concise insights with robust capabilities for evolving scenarios.

Get the Anomali Buyer's Guide and find out what your peers are saying about Anomali, CrowdStrike Falcon, Cortex XDR by Palo Alto Networks and more!

Anomali is the #4 ranked solution in top Threat Intelligence Platforms, #9 ranked solution in top User Entity Behavior Analytics (UEBA) solutions, #14 ranked solution in XDR Security products, #17 ranked solution in top Advanced Threat Protection (ATP) solutions, and #21 ranked solution in top Security Information and Event Management (SIEM) solutions. PeerSpot users give Anomali an average rating of 8.0 out of 10. Anomali is most commonly compared to CrowdStrike Falcon: Anomali vs CrowdStrike Falcon. Anomali is popular among the large enterprise segment, accounting for 51% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 14% of all views.

Helped 899,258 peers since 2012

Featured Anomali reviews

TarunKumar11

Member Of Leadership Advisory Council at a tech company with 10,001+ employees

Anomali can be improved in various aspects. Its AI-driven automation can further advance, and AI-powered investigation summaries can improve. User experience could be enhanced through simplification of workflows. Better board-level cyber risk dashboards could provide easier visualization. Additionally, Anomali could work on simplifying the pricing structure. Although it excels in threat intelligence aggregation and operationalization, stronger GenAI capability, improved executive reporting, and a more intuitive workflow for analysts would further increase SOC efficiency and add more business value. Regarding Anomali's AI capabilities, governance and security are quite good. Anomali has incorporated AI and machine learning primarily to improve correlation and prioritization. These capabilities are valuable but could be more mature. The platform could achieve better threat correlation, prioritization, more anomaly detection, and allow AI to accelerate intelligence analysis while further improving quality and relevance. The accuracy and reliability of Anomali's AI output are fairly reasonable and good. The AI engine works well, but this capability could be improved. Better threat correlation with threat actors, certain indicators of compromise, malware, and campaigns is possible. Threat prioritization could increase, and alert noise could be reduced through further de-duplication. While reasonable, this is not the best available, and other products possibly have more AI maturity, such as Recorded Future and CrowdStrike Falcon.

Read full review

reviewer2843913

Lead Cyber Threat Intelligence Incident Response Engineer & Security Engineer at a retailer with 10,001+ employees

The best features Anomali offers are that it acts as an application that pulls data from different solutions. As I mentioned earlier, we utilize Mandiant, Flashpoint, and other CTI solutions. Using Anomali, I push all the results into it, providing a single UI to see what Flashpoint and Google Mandiant are providing rather than jumping into different platforms, which can be time-consuming. Anomali helps us stay on a single platform and provides the required results. The user interface in Anomali is very good. I have worked in Anomali for five years and think they have a great UI for writing queries and finding specific results much more efficiently than in other solutions where you need to scroll down through different widgets. Anomali has a query-based language, similar to SQL, that helps us dig out specific results, whether vulnerability-related or concerning threat actors and TTPs. We can also perform string-based searches. I think it's an awesome feature. Furthermore, regarding integration, Anomali has capabilities to integrate with different downstream applications such as Palo Alto, allowing us to create playbooks to block domains, URLs, or IPs directly within the firewall. Anomali has positively impacted my organization by reducing the time required to find intel specific to our needs. We can create our own queries specific to our organization and pull out results related to any posts within the dark web or any activities from threat actors targeting us. This capability enables us to create saved searches that provide exact results. I estimate that Anomali has saved me about 30% of my time.

Read full review

reviewer2845392

Security Consultant at a tech vendor with 10,001+ employees

I think that Anomali could be improved by addressing a major weakness, which is the issue of its integrators. The capacity they have when publishing a large number of indicators is quite limited. This makes it almost indispensable to set up one integrator per control, which is not efficient. It should have a much larger capacity to publish the application on a single server and for that server to handle a large quantity and volume of indicators.Regarding the web interface, there are several problems when it comes to administration. These integrators publish a web interface that after a while generates quite a few errors and the service has to be restarted quite a lot in order to administer it, which is not efficient.

Read full review

Anomali mindshare

Product category:

As of June 2026, the mindshare of Anomali in the Threat Intelligence Platforms (TIP) category stands at 3.7%, down from 4.7% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Threat Intelligence Platforms (TIP) Mindshare Distribution
Product	Mindshare (%)
Anomali	3.7%
Recorded Future	6.7%
CrowdStrike Falcon	4.5%
Other	85.1%

Threat Intelligence Platforms (TIP)

PeerResearch reports based on Anomali reviews

Type	Title	Date
Category	Threat Intelligence Platforms (TIP)	Jun 13, 2026	Download
Product	Reviews, tips, and advice from real users	Jun 13, 2026	Download
Comparison	Anomali vs Recorded Future	Jun 13, 2026	Download
Comparison	Anomali vs CrowdStrike Falcon	Jun 13, 2026	Download
Comparison	Anomali vs Check Point Security Management	Jun 13, 2026	Download

Valuable Features

Anomali's most valuable features include threat intelligence operationalization, mature intelligence platform, extensive feed aggregation, automation for reducing manual efforts, and strong integration capabilities. It aids various organizations in incident response, enhancing threat visibility, and efficient resource use. The platform's query-based language offers specific results, while its dashboarding provides comprehensive visibility into threats. API functionality supports automation, and its scoring method aids in prioritizing alerts effectively, significantly improving cyber risk management and vulnerability prioritization.

"Anomali has positively impacted my organization and my clients by helping them improve threat visibility, accelerate incident response, and make better use of their resources."
"Anomali has positively impacted my organization because earlier we were not using any TIP format and were just dependent on open source, which gave us tons of irrelevant alerts, but with Anomali, we now get very specific and targeted alerts, allowing us to navigate through a handful of alerts that are applicable to us and saving a ton of working hours."
"Anomali has impacted my organization positively because our SOC team, which is actively monitoring all the tools—either SIM, SOAR, or threat intelligence platform—operates in multiple shifts."

Room for Improvement

Anomali's areas for enhancement include refining the intelligence sharing and tagging system within the community, advancing AI-driven automation and investigation summaries, and simplifying workflows and user interfaces for better usability. Improving threat correlation and prioritization, reducing alert noise, and enhancing executive reporting would add value. Integration capabilities could be expanded with more out-of-the-box connectors. User experience could benefit from a global cyberattack heat map and improved email notifications for leadership.

"While reasonable, this is not the best available, and other products possibly have more AI maturity, such as Recorded Future and CrowdStrike Falcon."
"I believe Anomali could be improved by making the user interface more user-friendly."
"Pricing and licensing are good, but the costs for purchasing threat feeds are somewhat complicated and a bit on the higher side."

Pricing

Anomali's pricing for enterprise solutions falls in the medium to high range compared to other products. Users express satisfaction with the yearly or two-year contracts, aligning with budget expectations. While pricing and licensing are generally favorable, the cost of purchasing threat feeds may be complex and slightly high. Setup costs vary, often managed by senior staff, with users finding it essential to consider these costs before integrating the solution.

"When comparing the price of Anomali Enterprise to other solutions it is in the medium to high range. However, I am satisfied with the price."

Popular Use Cases

The primary use case for Anomali involves threat hunting, intelligence gathering, and operationalization within security operations. It helps organizations aggregate, enrich, and correlate threat intelligence using artificial intelligence. Users integrate Anomali with various security tools like Splunk and CrowdStrike to block indicators of compromise, automate processes, and enhance detection and incident response. Anomali's integrations, real-time checks, and reporting aid in prioritizing threats and maintaining a proactive security posture.

Service and Support

Anomali's customer service is generally responsive and well-regarded for technical support, providing dedicated account managers and regular updates for larger users. Response time can be within 24 to 48 hours, although smaller users may experience less attention and performance inconsistencies. Some users observe a decline in service quality, citing delays and unprofessional excuses. Technical expertise and support during incidents are praised, but issues arise when limited tool capabilities impact support effectiveness.

Deployment

Anomali's initial setup is described as easy by many users, taking around three months for deployment and up to a year for full operationalization. Costs vary based on the number of modules, analysts, and feeds, with global enterprises spending up to five hundred thousand dollars. SaaS deployments are generally cheaper. Integration requires technical and architectural expertise and involves several individuals. The vendor takes care of ongoing maintenance. Users find installation straightforward.

Scalability

Anomali offers impressive adaptability, performing smoothly on its cloud platform. Known for handling large volumes of threat intelligence and indicators of compromise, it seamlessly integrates with security infrastructures like SIEM and EDRs. Users report that it caters well to organizational growth and expansion, storing millions of indicators efficiently. With its robust scalability, Anomali matches varied organizational needs, from small teams to large enterprises.

Stability

Users report Anomali is stable with no downtime experienced. It scales well for large clients and is suitable for 24/7 operations. They praise its reliability in threat feed updates, automation, API integrations, and global enterprise support. Some find it seamless without lag during peak hours. A health check page aids in tracking real-time status. However, some encountered issues with sudden platform function changes, warranting better consideration of user adaptation time.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Anomali Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	1
Large Enterprise	9

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	132
Midsize Enterprise	56
Large Enterprise	194

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

14%

Manufacturing Company

10%

Construction Company

Computer Software Company

Healthcare Company

Comms Service Provider

Educational Organization

Government

University

Outsourcing Company

Retailer

Marketing Services Firm

Performing Arts

Insurance Company

Real Estate/Law Firm

Energy/Utilities Company

Transportation Company

Media Company

Pharma/Biotech Company

Wholesaler/Distributor

Consumer Goods Company

Logistics Company

Hospitality Company

Legal Firm

Aerospace/Defense Firm

Religious Institution

Non Profit

Compare Anomali with alternative products

Learn more about Anomali

Anomali offers a powerful platform for cyber threat intelligence, allowing organizations to efficiently stream and analyze threat feeds. It excels in threat modeling, prioritizing intelligence, and supporting large-scale automation through its API, fostering a proactive security approach.

What are Anomali's Key Features?

Threat Intelligence: Provides concise and user-friendly intelligence.
Threat Modeling: Enables prioritization and efficient organization of intelligence.
Credential Monitoring: Performs quickly with efficient dataset handling.
API Automation: Supports large-scale automation for robust intelligence management.
Adaptability: Offers capabilities to grow beyond initial use cases.

Which Benefits or ROI Should Users Consider?

Efficient Intelligence Collection: Quickly gathers and organizes data for use.
Enhanced Threat Analysis: Correlates data effectively for proactive security.
Automation Support: Saves time with extensive API capabilities.
Scalability: Adapts and scales with emerging security needs.

Anomali serves as a crucial tool for threat intelligence in industries ranging from finance to healthcare. Organizations stream threat feeds into Anomali to correlate and aggregate data, enhancing security measures and facilitating thorough threat investigations. Its adaptability makes it suitable across different sectors.

Anomali was previously known as Match, Lens, ThreatStream, STAXX, Anomali Security Analytics.

Anomali customers

Bank of England, First Energy, UBISOFT, Bank of Hope, Blackhawk Network

Title	Rating	Mindshare	Recommending
CrowdStrike Falcon	4.3	4.5%	97%	140 interviews Add to research
Cortex XDR by Palo Alto Networks	4.2	N/A	96%	112 interviews Add to research

Author info	Rating	Review Summary
Member Of Leadership Advisory Council at a tech company with 10,001+ employees	4.0	I recommend Anomali as a mature, enterprise-grade threat intelligence platform, excelling in operationalization, aggregation, and AI-driven enrichment. It significantly improves analyst productivity and incident response. While strong, its AI capabilities and user experience could still advance further.
Lead Cyber Threat Intelligence Incident Response Engineer & Security Engineer at a retailer with 10,001+ employees	4.0	Anomali excels at centralizing threat intelligence from various sources, integrating with SIEMs like Splunk, and saving significant time. Its UI and querying are great, though I'd like to see global attack heat maps and improved credential monitoring. I highly recommend it.
Security Consultant at a tech vendor with 10,001+ employees	4.0	I find Anomali a versatile, stable, and effective threat intelligence platform for IoCs, greatly improving operational efficiency. However, its integrators have limited capacity for large deployments, requiring many instances and causing administrative challenges.
Sr. Threat Intelligence Analyst at a tech vendor with 10,001+ employees	4.0	I find Anomali a stable, scalable TIP, valuing its intel scoring and targeted alerts that save significant time. However, I believe the user interface needs simplification for broader accessibility and easier integration with open-source tools.
Enterprise Security Architect V at FirstEnergy	4.0	We use Anomali as our central threat intelligence platform to store and correlate various feeds, enabling proactive threat hunting. Its powerful API supports our automation needs. While promising, the AI features still need improvement as technology advances.
Associate Consultant at a tech vendor with 1,001-5,000 employees	4.0	I used Anomali's TIP and analytics to proactively integrate threat intelligence, blocking malicious activity across our security controls. This reduced our attack surface, improved vulnerability management, and significantly cut down alerts, saving me considerable time.
Senior Cyber Threat Hunter at a financial services firm with 10,001+ employees	4.5	I use Anomali for threat hunting and intelligence operationalization, valuing its threat modeling capabilities. Improvements are needed in its community intelligence sharing and tagging system. I've evaluated alternatives like Recorded Future and Mandiant Advantage but still use Anomali.
Security Analyst L2 at a financial services firm with 10,001+ employees	4.0	I primarily use Anomali for threat intelligence, blocking malicious URLs and hashes. Its dashboard positively impacts our SOC by improving MTTR. I'd like dashboard enhancements. Overall, I rate this stable solution 8/10.

Anomali Reviews

What is Anomali?

Featured Anomali reviews

Anomali mindshare

PeerResearch reports based on Anomali reviews

Valuable Features

Room for Improvement

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare Anomali with alternative products

Learn more about Anomali

Anomali customers

Related questions

Product Categories

Popular Comparisons