article featured image


The technology that Threat Intelligence Platforms (TIP) employ allows companies to gather, aggregate, and manage threat intelligence data from a variety of sources and formats. The information on already known malware and other security threats enables security teams to identify, investigate, and respond to risks rapidly and effectively.

Automation and simplification of the entire threat intelligence data collection, organization, and enrichment process; real-time monitoring, detection, and response to security vulnerabilities, and detailed information on current and potential security threats, but also documentation on threat actors’ techniques and procedures are the primary benefits of a threat intelligence platform. 

You can read about additional advantages and how a threat intelligence platform functions in one of my previous articles. 

Top 7 Open Source Threat Intelligence Platforms in 2022

Open source threat intelligence platforms make use of threat intelligence data obtained from publicly available open sources. Security forums and dedicated national and international security announcement lists are examples of these. 

Here are the best 7 threat intelligence platforms that you can choose to enhance your company’s cybersecurity: 

Anomali ThreatStream 

Anomali ThreatStream employs 140 open source feeds. Furthermore, users can supplement the information gathered by the TIP by purchasing (and evaluating) additional intelligence feeds from the Anomali App store. This extra information contextualizes threats, reducing the occurrence of false positives significantly.

Anomali ThreatStream gathers huge numbers of threat indicators to identify new attacks, using a precise machine-learning algorithm to assign scores to IoCs, which allows security teams to maximize mitigation tasks.

LookingGlass Cyber Solutions

LookingGlass collects both structured and unstructured data from more than 87 feeds but it also purchases additional commercial feeds separately.

By providing the most relevant data, LookingGlass ensures multinational organizations and government entities efficient, unified threat protection against complex cyberattacks.

Additionally, a global team of security analysts enriches the data feeds on the Looking Glass threat intelligence platform.

AT&T Cybersecurity 

AlienVault Labs and its extensive Open Threat Exchange (OTX), the largest crowd-sourced collaborative threat exchange in the world, provide threat intelligence to AT&T Cybersecurity’s Unified Security Management (USM).

USM is automatically updated every 30 minutes and provides centralized threat detection, incident response, and compliance management for cloud and on-premises environments.


AIS (Automated Indicator Sharing) is linked to the Department of Homeland Security (DHS). AIS facilitates the Federal Government and the private sector to quickly exchange cyber threat indicators. 

AIS employs two open standards: 

– the Structured Threat Information Expression (STIXTM) for cyber threat indicators and defensive measures information, and 

– the Trusted Automated Exchange of Indicator Information (TAXIITM) for machine-to-machine communications.

These standards enable the sharing of threat activity details (techniques, methods, processes, vulnerabilities, action plans) via a communications protocol.


The free community threat intelligence platform Pulsedive compiles open source feeds (examining huge numbers of IPs, domains, and URLs gathered from feeds and user submissions around the world), enriches IOCs and runs them using a risk-scoring algorithm that enhances data quality. 

Users can use Pulsedive to submit, find, correlate, and update IOCs, as well as list risk factors as to why IOCs are considered threats.


TypeDB Data – CTI is an excellent open source threat intelligence platform that enables companies to store and manage their cyber threat intelligence (CTI) knowledge, allowing threat intelligence professionals to gather fragmented CTI information into a single database and discover additional cyber threats insights. MITRE ATT&CK is an example dataset in its repository.

As exclusiveness of attribute values is a database guarantee, TypeDB allows links between hash values, IP addresses, or any other shared data value to be formed automatically. 

Any data type’s unique values are stored only once when attributes are added, and all future applications of those values are linked through associations.


Yeti is a repository for threat intelligence that is open, distributed, machine- and analyst-friendly, created by and for incident responders. The platform compiles threat intelligence, TTPs, indicators of compromise, and observables into a single, centralized repository while also automatically enriching the observables (e.g. resolve domains, geolocate IPs).

Conveniently enough, it has a user interface for humans and a web API interface for endpoints, allowing for simple integration with other tools that businesses may use.

Heimdal Official Logo
Experience Threat Hunting Like Never Before!
A revolutionary platform that provides security teams with an advanced risk-centric view of their entire IT landscape.
  • Granular telemetry across endpoints and networks.
  • Equipped with built-in hunting and action capabilities.
  • Pre-computed risk scores, indicators & detailed attack analysis.
  • A single pane of glass for intelligence, hunting, and response.
Find out More 30-day Free Trial. Offer valid only for companies.

Final Thoughts 

Hackers will never stop innovating and finding creating ways to carry out their malicious activities, so it’s mandatory for cybersecurity technology to keep up too. 

Businesses can benefit from the full depth of knowledge of the global cybersecurity community by using threat intelligence platforms, particularly open source ones. These tools’ data feeds get real-time updates from international professionals and enterprises, keeping you up to speed with every potential attack variation. 

Open source threat intelligence platforms are even more effective at preventing the most dangerous attacks when they are integrated with other security tools such as SIEM.

Make sure you drop a line below if you have any comments, questions or suggestions regarding open source threat intelligence platforms  – we are all ears and can’t wait to hear your opinion!


P.S. Did you enjoy this article? Follow us on LinkedIn, Twitter, Facebook, Youtube, or Instagram to keep up to date with everything we post!

Author Profile

Elena Georgescu

Communications & Social Media Coordinator | Heimdal®

linkedin icon

Elena Georgescu is a cybersecurity specialist within Heimdal™ and her main interests are mobile security, social engineering, and artificial intelligence. In her free time, she studies Psychology and Marketing. Some of her guest posts on other websites include: cybersecurity-magazine.com, cybersecuritymagazine.com, techpatio.com

Leave a Reply

Your email address will not be published. Required fields are marked *

Protect your business by doing more with less

Book a Demo