Provider

You should find in this list everything you need to level up your SOC: Threat Intelligence, Digital Risk Protection, Reputation Feed and CASB providers, extended with some SOAR and SIEM vendors.

Most of them are commercial. Order is alphabetical.

AbuseIPDB TI
Homepage: https://www.abuseipdb.com/
Browse: https://www.abuseipdb.com/statistics
Pricing: https://www.abuseipdb.com/pricing
Description:
IP Reputation Service - Free Plan with 1000 IPs / Day - AbuseIPDB is a project managed by Marathon Studios Inc. Our mission is to help make the Web safer by providing a central repository for webmasters, system administrators, and other interested parties to report and identify IP addresses that have been associated with malicious activity online. We're committed to keeping AbuseIPDB fast, available and free for all of our users and contributors.
Anomali TI
Homepage: https://www.anomali.com/
Description:
Anomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.
Binary Defense
Homepage: https://www.binarydefense.com/
Description:
With 86,400 seconds in a day, you need a trusted security partner to shield you for every single one. At Binary Defense, that’s the promise we make to our clients. We know that the best cybersecurity protection for your business takes a team of real people detecting real threats in real time.
Blueliv TI
Homepage: https://www.blueliv.com/products/threat-intelligence-services-and-tools-blueliv/
Description:
Our mission is to empower our customers with collaborative, automated and targeted threat intelligence and help them manage their digital risk as quickly as the threat landscape evolves.
Brightcloud TI
Homepage: https://www.brightcloud.com/
Browse: https://www.brightcloud.com/tools/url-ip-lookup.php
Description:
BrightCloud Threat Intelligence Services for Threat Intelligence Partners. Web Classification and Reputation, IP Reputation, Real-Time Anti-Phishing, Streaming Malware Detection, File Reputation, Mobile Security SDK
Cofense Phishing
Homepage: https://cofense.com/product-services/phishing-intelligence/
Description:
Cofense Intelligence delivers high-fidelity, phishing specific finished alerts and intelligence, providing accurate and timely assessments of both the current phishing threat landscape and emerging trends.
CybelAngel DRP
Homepage: https://cybelangel.com/
Description:
CybelAngel is the only data leak detection platform that continuously and comprehensively monitors every layer of the internet.
DCSO
Homepage: https://dcso.de/de/services/threat-intelligence/
Description:
Managed Threat Intelligence Service with a sharing community for all connected customers.
DarkOwl darknet
Homepage: https://www.darkowl.com/
Description:
Search, monitor, and investigate content from current and historical darknet sites from the comfort of your browser.
Digital Shadows DRP
Homepage: https://www.digitalshadows.com/
Description:
Digital Risk Protection Software designed to protect you from external threats, continually identifying where your assets are exposed, providing sufficient context to understand the risk, and options for remediation.
EclecticIQ
Homepage: https://www.eclecticiq.com/fusion-center
Description:
EclecticIQ Fusion Center delivers thematic intelligence bundles, which provide you with a curated single source of relevant cyber threat intelligence from leading suppliers. You receive a unified delivery of STIX-compatible intelligence that’s optimized for your organization. The intelligence is qualified, clustered and categorized, which allows you to quickly apply your own priority and relevance.
Elastic SIEM
Homepage: https://www.elastic.co/
Description:
Unify prevention, detection, and response to combat threats at scale. Operationalize any security use case: SIEM, malware prevention, threat hunting, cloud monitoring, and more.
Exabeam SIEM
Homepage: https://www.exabeam.com/
Description:
Exabeam helps security teams outsmart the odds by adding intelligence to existing security tools – SIEMs, XDRs, cloud data lakes and hundreds of other Exabeam Technology Alliance Partner products. We provide out-of-the-box use cases – from collection to detection, triage, investigation and response – to deliver repeatable results.
Host.io Whois Domain API
Homepage: https://host.io/
Description:
A Powerful and Fast Domain Name Data API. Get comprehensive domain name data, uncover new domains and the relationships between them. Built for Cyber Security, Business Intelligence, Competitor Analysis, Market Research and more. Get DNS details, scraped website content, outbound links, backlinks, and other hosting details for any domain.
Kaspersky Threat Intelligence
Homepage: https://www.kaspersky.com/enterprise-security/threat-intelligence
Description:
With petabytes of rich threat data to mine, advanced machine-learning technologies and a unique pool of world experts, we at Kaspersky Lab work to support you with the latest threat intelligence from all around the world, helping you maintain immunity to even previously unseen cyber-attacks.
Malware Patrol Community
Homepage: https://www.malwarepatrol.net/
Description:
The indicators of compromise (IOCs) collected by Malware Patrol are now used by thousands to protect networks and assets in more than 175 countries. Collecting, analyzing, and sharing data for over a decade has allowed us to develop an extensive network of sensors, sharing agreements, and community contributors. The result is our vast database of unique and historically rich – “intelligent” – threat data.
Mandiant (FireEye) Threat Intelligence
Homepage: https://www.fireeye.com/solutions/cyber-threat-intelligence.html
Description:
FireEye Threat Intelligence provides a multi-layered approach to using intelligence within your security organization. Threat feeds are useful, but you also need the context surrounding an indicator to understand its implication to your organization. Tactical intelligence is good, but you also need strategic intelligence to understand what threats you face and how you need to align your defenses to address them. Operational intelligence is effective in quickly responding to an attack, but you also need intelligence that will allow you to move from reactive measures to proactive threat hunting.
Proofpoint
Homepage: https://www.proofpoint.com/
Description:
Proofpoint gives you protection and visibility for your greatest cybersecurity risk—your people. We provide the most effective cybersecurity and compliance solutions to protect people on every channel including email, the web, the cloud, and social media.
Pulsedive
Homepage: http://pulsedive.com/about/#feed
Description:
The Pulsedive Feed is a configurable CSV of high-fidelity intelligence. Streamlining over 30+ open source feeds and community submissions all over the world, security teams can leverage our vetted Feed to simplify CTI ingestion, reduce false positives, and easily automate the enrichment of alerts and logs. Free sample feeds are available.
Recorded Future DRP
Homepage: https://www.recordedfuture.com/
Description:
Security Intelligence Solutions; Brand Protection, Third-Party Risk, SECOps and Response, Threat Intelligence, Vulnerability Management, Geopolitical Risk
RiskIQ
Homepage: https://www.riskiq.com/
Description:
RiskIQ empowers CISOs to continuously visualize and defend their ever-changing attack surface. Proactively protect your company, brand, people, and data.
SOC Prime SOC Content Rules MITRE
Homepage: https://socprime.com/
Description:
Our Threat Detection Marketplace, a SaaS platform for SOC content, provides access and support to over 73,000 detection and response algorithms for 20+ market-leading SIEM, EDR and NTDR technologies. We help organizations to rapidly and continuously improve their detection and response capabilities by enabling streaming for Sigma rules, as well as native SIEM content, such as queries, dashboards and data connectors, supporting continuous integration, data schema customization, and threat profile alignment to 250+ techniques per MITRE ATT&CK(™).
SWIMLANE SOAR
Homepage: https://swimlane.com/
Description:
Swimlane is a leader in security orchestration, automation and response (SOAR). By automating time-intensive, manual processes and operational workflows and delivering powerful, consolidated analytics, real-time dashboards and reporting from across your security infrastructure, Swimlane maximizes the incident response capabilities of over-burdened and understaffed security operations.
Sentinel SIEM Cloud
Homepage: https://azure.microsoft.com/en-us/services/azure-sentinel/
Description:
See and stop threats before they cause harm, with SIEM reinvented for a modern world. Azure Sentinel is your birds-eye view across the enterprise. Put the cloud and large-scale intelligence from decades of Microsoft security experience to work.
Siemplify SOAR
Homepage: https://www.siemplify.co/
Description:
Siemplify was born out of the need for a better, simpler, more effective way to manage security operations. We were built by security operations experts who spent years honing their skills on the front lines of Israeli cyber intelligence agencies.
Spamhaus OSINT
Homepage: https://www.spamhaus.org/
Description:
With a 20 year history, vast internet traffic visibility and protecting over 3 Billion users, Spamhaus is the industry leader in realtime actionable highly accurate threat intelligence.
Splunk SIEM
Homepage: https://www.splunk.com/
Description:
Splunk Security Operations Suite combines industry-leading data, analytics and operations solutions to modernize and optimize your cyber defenses.
SpyCloud DRP
Homepage: https://spycloud.com/
Description:
SpyCloud can help you prevent account takeover and combat online fraud with proactive solutions that leverage the largest repository of recovered breach assets in the world.
THEHIVE SOAR
Homepage: https://thehive-project.org/
Description:
A scalable, open source and free Security Incident Response Platform, tightly integrated with MISP (Malware Information Sharing Platform), designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly.
ThreatConnect SOAR
Homepage: https://threatconnect.com/
Description:
We believe that intelligence should flow through every aspect of a security program. To enable constant, sound decision-making, analytics need to be constantly evaluated. Our founders started this company with the mission of making security analysts more efficient, while providing real-time insights to security leaders to make business decisions.
ThreatQuotient
Homepage: https://www.threatq.com/threat-intelligence-management/
Description:
The ThreatQ platform has taken a threat-centric approach to security operations. This approach allows security teams to prioritize based on threat and risk, collaborate across teams, automate actions and workflows and integrate point products into a single security infrastructure.
VirusTotal Enterprise
Homepage: https://www.virustotal.com/gui/services-overview
Browse: https://www.virustotal.com
Description:
VT Intelligence is part of VT Enterprise Suite. Advanced modifier-based search engine over VirusTotal's dataset (files, domains, URLs, IPs), with richer details and context about threats. Allows you to download files for further study and dissection offline.
XSOAR SOAR
Homepage: https://www.paloaltonetworks.com/cortex/xsoar
Description:
The industry’s most comprehensive security orchestration, automation and response platform with native threat intelligence management and a built-in marketplace.
ZEROFOX
Homepage: https://www.zerofox.com/threat-intelligence/
Description:
Integrate digital threat data through ZeroFOX’s Intelligence Service which provides unique indicators, such as malicious domains, URLs, IPs, impersonating accounts and phishing email addresses.