Skip to main content
Skip table of contents

Flat File - Anomali

Device Details



Device Type

Threat Feed

Supported Model Name/Number


Supported Software Version(s)


Collection Method

STIX/TAXII, added in early 2018

Configurable Log Output?

LogRhythm Threat Intelligence Service

Log Source Type


Log Processing Policy




Additional Information

URL Normalization with the TIS Feed can massage how the URL List would come out and match the format of the URL field of the log source. URL Normalization Regex is discussed on the LogRhythm Community.


  • Active subscription to the Anomali threat feed
  • LogRhythm’s free Threat Intelligence Service installed

Device Configuration Checklist

  1. Setup the TAXII feed with Anomali. You must first have a valid subscription.

  2. Configure the TIS service according to the instructions in the Threat Intelligence Service User Guide, available under Documentation & Downloads on the LogRhythm Community

  3. Enable and download the TIS: Anomali KB.

  4. Enable and download the TIS: Anomali KB.

  5. Verify the relevant lists are populating. Create new lists as needed for auto-import. For assistance, contact Professional Services.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.