Security Consultant at a tech vendor with 10,001+ employees
Real User
Top 20
May 22, 2026
I think that Anomali could be improved by addressing a major weakness, which is the issue of its integrators. The capacity they have when publishing a large number of indicators is quite limited. This makes it almost indispensable to set up one integrator per control, which is not efficient. It should have a much larger capacity to publish the application on a single server and for that server to handle a large quantity and volume of indicators.Regarding the web interface, there are several problems when it comes to administration. These integrators publish a web interface that after a while generates quite a few errors and the service has to be restarted quite a lot in order to administer it, which is not efficient.
Lead Cyber Threat Intelligence Incident Response Engineer & Security Engineer at a retailer with 10,001+ employees
Real User
Top 10
May 21, 2026
In terms of improvements, I think Anomali has a good UI and integration capabilities. However, one area for improvement is providing a heat map of cyberattacks around the world. It would be helpful to have a list of which countries are facing the most attacks or experiencing major data breaches, and I think those areas could be enhanced. One more improvement I would mention is regarding compromised credential monitoring. Anomali should increase their capability to fetch details from various dark web solutions where threat actors post compromised credentials. Expanding in that area could significantly enhance its utility.
Senior Cyber Threat Hunter at a financial services firm with 10,001+ employees
Real User
Top 20
Apr 28, 2025
An area for improvement is the intelligence sharing within the Anomali community. The tagging system can be inconsistent, as any company can use any tags for their reporting. Combining all aliases into a coherent solution would be beneficial, as we had to review each individual source ourselves. This would improve intelligence collection across Anomali.
Managing Member at a tech vendor with self employed
Real User
Mar 12, 2023
I think that this solution should improve its integrations. This part of the solution could be bigger and moved into the no-code direction. Less code in integration would be nice when building blocks.
Anomali delivers user-friendly cyber threat intelligence, offering concise insights with robust capabilities for evolving scenarios.Anomali offers a powerful platform for cyber threat intelligence, allowing organizations to efficiently stream and analyze threat feeds. It excels in threat modeling, prioritizing intelligence, and supporting large-scale automation through its API, fostering a proactive security approach.What are Anomali's Key Features?
Threat Intelligence: Provides concise and...
I think that Anomali could be improved by addressing a major weakness, which is the issue of its integrators. The capacity they have when publishing a large number of indicators is quite limited. This makes it almost indispensable to set up one integrator per control, which is not efficient. It should have a much larger capacity to publish the application on a single server and for that server to handle a large quantity and volume of indicators.Regarding the web interface, there are several problems when it comes to administration. These integrators publish a web interface that after a while generates quite a few errors and the service has to be restarted quite a lot in order to administer it, which is not efficient.
In terms of improvements, I think Anomali has a good UI and integration capabilities. However, one area for improvement is providing a heat map of cyberattacks around the world. It would be helpful to have a list of which countries are facing the most attacks or experiencing major data breaches, and I think those areas could be enhanced. One more improvement I would mention is regarding compromised credential monitoring. Anomali should increase their capability to fetch details from various dark web solutions where threat actors post compromised credentials. Expanding in that area could significantly enhance its utility.
An area for improvement is the intelligence sharing within the Anomali community. The tagging system can be inconsistent, as any company can use any tags for their reporting. Combining all aliases into a coherent solution would be beneficial, as we had to review each individual source ourselves. This would improve intelligence collection across Anomali.
I think that this solution should improve its integrations. This part of the solution could be bigger and moved into the no-code direction. Less code in integration would be nice when building blocks.