article featured image


The technology that Threat Intelligence Platforms (TIP) use lets companies gather, aggregate, and manage threat intelligence data from a variety of sources and formats.

The data on already-known malware and other security threats helps security teams to identify, investigate, and respond to risks rapidly and effectively.

Automation and simplification of the entire threat intelligence data collection, organization, and enrichment process; real-time monitoring, detection, and response to security vulnerabilities, and detailed information on current and potential security threats, but also documentation on threat actors’ techniques and procedures are the primary benefits of a threat intelligence platform. 

You can read about more advantages and how a threat intelligence platform works in one of my previous articles.

Top 7 Open Source Threat Intelligence Platforms in 2024

Open source threat intelligence platforms make use of threat intelligence data obtained from publicly available open sources. Security forums and national and international security announcement lists are examples.

Here are the best 7 threat intelligence platforms that you can choose to enhance your company’s cybersecurity: 

Anomali ThreatStream 

Anomali ThreatStream uses 140 open source feeds. Users can also buy more intelligence feeds from the Anomali App store. This extra information gives context to threats, which cuts down on false positives.

Anomali ThreatStream gathers many threat indicators to find new attacks. It uses a machine-learning algorithm to score IoCs, helping security teams maximize mitigation tasks.

LookingGlass Cyber Solutions

LookingGlass collects both structured and unstructured data from more than 87 feeds. It also buys extra commercial feeds.

By providing relevant data, LookingGlass helps multinational organizations and governments with unified threat protection against complex cyberattacks.

Additionally, a global team of security analysts adds value to the data feeds on the Looking Glass threat intelligence platform.

AT&T Cybersecurity 

AlienVault Labs and its extensive Open Threat Exchange (OTX), the largest crowd-sourced collaborative threat exchange in the world, provide cyberthreat intelligence to AT&T Cybersecurity’s Unified Security Management (USM).

USM updates every 30 minutes and provides centralized threat detection, incident response, and compliance management for cloud and on-premises environments.


AIS (Automated Indicator Sharing) is linked to the Department of Homeland Security (DHS). The AIS service facilitates the Federal Government and the private sector to quickly exchange cyber threat indicators. 

AIS employs two open standards: 

– the Structured Threat Information Expression (STIXTM) for cyber threat indicators and defensive measures information, and 

– the Trusted Automated Exchange of Indicator Information (TAXIITM) for machine-to-machine communications.

These standards allow sharing of threat activity details (techniques, methods, processes, vulnerabilities, action plans) via a communications protocol.


The free community threat intelligence database Pulsedive compiles open source feeds (examining huge numbers of IPs, domains, and URLs gathered from feeds and user submissions around the world), enriches IOCs and runs them using a risk-scoring algorithm that enhances data quality. 

Users can use Pulsedive to submit, find, correlate, and update IOCs, as well as list risk factors as to why IOCs are considered threats.


TypeDB Data – CTI is an excellent open source threat intelligence platform that enables companies to store and manage their cyber threat intelligence (CTI) knowledge.

It helps professionals gather fragmented CTI information into a single database and discover additional cyber threats insights. MITRE ATT&CK is an example dataset in its repository.

As exclusiveness of attribute values is a database guarantee, TypeDB allows links between hash values, IP addresses, or any other shared data value to be formed automatically. 

Any data type’s unique values are stored only once when attributes are added, and all future applications of those values are linked through associations.


Yeti is a repository for cyber threat intelligence that is open, distributed, machine- and analyst-friendly, created by and for incident responders. The platform compiles threat intelligence, TTPs, indicators of compromise, and observables into a single, centralized repository while also automatically enriching the observables (e.g. resolve domains, geolocate IPs).

Conveniently enough, it has a user interface for humans and a web API interface for endpoints, allowing for simple integration with other tools that businesses may use.

Heimdal® Threat Hunting and Action Center

If you’re looking to invest in a platform with built-in threat hunting capabilities, give Heimdal a go. The Heimdal® Threat-Hunting and Action Center offers an advanced threat-centric view, granular telemetry, and built-in hunting and action capabilities, all manageable from a unified interface.

Efficient, comprehensive, and evolving with cyber threats.

Heimdal Official Logo
Experience Threat Hunting Like Never Before!
A revolutionary platform that provides security teams with an advanced risk-centric view of their entire IT landscape.
  • Granular telemetry across endpoints and networks.
  • Equipped with built-in hunting and action capabilities.
  • Pre-computed risk scores, indicators & detailed attack analysis.
  • A single pane of glass for intelligence, hunting, and response.
Find out More 30-day Free Trial. Offer valid only for companies.

Final thoughts

Threat actors will never stop creating ways to carry out their attacks, so cybersecurity technology must keep up too.

Businesses can benefit from the full depth of knowledge of the global cybersecurity community by using cyber threat intelligence platforms, particularly open source ones.

These tools’ data feeds get real-time updates from international professionals and enterprises, keeping you up to speed with every potential attack variation. 

Open source platforms are even more effective at preventing the most dangerous attacks when they are integrated with other security tools such as SIEM.

Make sure you drop a line below if you have any comments, questions or suggestions regarding open source TIPs  – we are all ears and can’t wait to hear your opinion!


P.S. Did you enjoy this article? Follow us on LinkedIn, Twitter, Facebook, Youtube, or Instagram to keep up to date with everything we post!

Additional resources

If you want to learn more about threat hunting, check out our Threat-Hunting Series on Youtube:


What is open source threat intelligence (OSINT)?

Open source threat intelligence (OSINT) involves gathering and analyzing publicly available data to identify and mitigate security threats. It uses information from sources like websites, forums, and social media to provide insights into potential cyber threats.

What is the best open source tool for cyber threat intelligence?

The best open source tool for cyber threat intelligence can vary based on specific needs. Hopefully, the list above can be a starting point for you, as each platform is offering unique features and capabilities to enhance cybersecurity efforts.

How does integrating threat data with security tools improve effectiveness?

Integrating threat data with tools like SIEM improves effectiveness by enabling real-time threat detection and response. This combination provides a complete security view, ensuring that emerging threats are quickly identified and neutralized.

Is OSINT legal?

Yes, OSINT is legal as it involves collecting information from publicly accessible sources. The use of the gathered information must comply with laws and regulations to ensure ethical practices.

Author Profile

Madalina Popovici

Digital PR Specialist

linkedin icon

Madalina, a seasoned digital content creator at Heimdal®, blends her passion for cybersecurity with an 8-year background in PR & CSR consultancy. Skilled in making complex cyber topics accessible, she bridges the gap between cyber experts and the wider audience with finesse.