Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading Anomali ThreatStream Community App
MD5 checksum (anomali-threatstream-community-app_502.tgz) 91eb662e4e8eb7ef3ec301133deb0e91 MD5 checksum (anomali-threatstream-community-app_501.tgz) 1bd10920f0f27526c3f2106308da4470 MD5 checksum (anomali-threatstream-community-app_3312.tgz) 198002b15df18016870b8039a110250e MD5 checksum (anomali-threatstream-community-app_3310.tgz) 587c5a8336a0fabee9035dd14331f513 MD5 checksum (anomali-threatstream-community-app_339.tgz) baacddda29a5d94878bf52e69ac3f848 MD5 checksum (anomali-threatstream-community-app_338.tgz) 13cca65c0f67da86461f5f128a280dca MD5 checksum (anomali-threatstream-community-app_337.tgz) 807e6e2c8745fa78ffe394dd75598953 MD5 checksum (anomali-threatstream-community-app_336.tgz) a3dc2f380e00d79d1e1bb9ca56beb33e MD5 checksum (anomali-threatstream-community-app_335.tgz) f726ec8ff84fdeba70b2c82a316bf901 MD5 checksum (anomali-threatstream-community-app_334.tgz) 970236781a6655ab6641473632a0f930 MD5 checksum (anomali-threatstream-community-app_333.tgz) 0677311e7e7ba444168492dbcb8d1f77 MD5 checksum (anomali-threatstream-community-app_332.tgz) d8127d5ad313b57ebfa460918bef297d MD5 checksum (anomali-threatstream-community-app_331.tgz) 146c9da556f55236e4cc748192599346
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate

Anomali ThreatStream Community App

Splunk Certified
The Anomali Community App for Splunk combines the quality of Anomali’s threat intelligence with the depth of Splunk’s analytics to help organizations identify and respond to external security threats. The application provides subscribers with the capability to instantly check their exposure against published threats and to automate a health check against subscribers’ own live Splunk event data. Once threat matches are identified, Anomali provides security teams with the tools needed to research and investigate IOCs further.

The Anomali Community App for Splunk provides the following functionality:

  • Download and view Weekly Threat Briefings and Breaking News reports, published by Anomali Labs.

  • Scan logs against Anomali content to identify threats in your environment.

  • Optionally upload log summaries to cloud scanning against millions of Indiciators of Compromise.

  • Investigate and Respond to threats identified within your environment.

  • Map indicators to phases of the Diamond Model.



Quick Start Guide:

System Requirements:

  • Splunk version 6.4, 6.3
  • Linux (x64) or Windows (x64 or x86)


We value your feedback and will continue to update this app on a regular basis. Please send comments, requests, or feedback to <>.

Release Notes

Version: 5.0.2

Addressed feedback from Splunk certification team

Nov. 29, 2016, 1:31 a.m.

Platform Independent

6.4, 6.3

Version: 5.0.1

Bug Fixes

Oct. 3, 2016, 3:58 a.m.

Platform Independent

6.4, 6.3

Version: 3.3.12

Updated the product logos

June 23, 2016, 1:48 a.m.

Platform Independent

6.3, 6.2, 6.1, 6.0

Version: 3.3.10

May 2, 2016, 5:29 a.m.

Platform Independent

6.3, 6.2, 6.1, 6.0

Version: 3.3.9

April 28, 2016, 6:04 a.m.

Platform Independent

6.3, 6.2, 6.1, 6.0

Version: 3.3.8

April 19, 2016, 11:12 p.m.

Platform Independent

6.3, 6.2, 6.1, 6.0

Version: 3.3.7

March 22, 2016, 5:15 p.m.

Platform Independent

6.3, 6.2, 6.1, 6.0

Version: 3.3.6

Fixes for the Default Dashboard

Jan. 13, 2016, 2:39 a.m.

Platform Independent

6.3, 6.2, 6.1, 6.0

Version: 3.3.5

Dec. 23, 2015, 11:07 p.m.

Platform Independent

6.2, 6.1

Version: 3.3.4

Dec. 21, 2015, 9:34 p.m.

Platform Independent

6.2, 6.1

Version: 3.3.3

Added new Dashboards
UI improvements.

Dec. 19, 2014, 2:42 a.m.

Platform Independent

6.2, 6.1

Version: 3.3.2

Fixes an issue with indexers receiving unnecessary files.

Note, Current ThreatStream customers will need to install the latest version of Optic Link (4.9.8). Please see the in the Docs section to download this splunk version.

Aug. 21, 2014, 7:01 p.m.

Platform Independent

6.1, 6.0

Version: 3.3.1

5/2014 - version 3.3.1
* App now compatible with Splunk Enterprise 6.1

5/2014 - version 3.2.0
* Additional Fields added to Data Model.
* Additional columns added to Indicator screen
* Additional drop downs added to Indicator screen
** Note: This app is not compatible with Splunk Enterprise 6.1

5/2014 - version 3.1.3
* Additional Fields added to Data Model.
* Additional View added to provide insight into web/proxy actions.

5/2014 - version 3.0.2
* Backend lookup process refined to pave the way toward a Splunk Enterprise Security Add-on.
* Data Model Acceleration introduced to provide a big performance boost.
* Multiple dashboards added, including native splunk Maps

May 29, 2014, 12:53 p.m.

Platform Independent

6.1, 6.0

Security, Fraud & Compliance
Product Support
Splunk Enterprise
Splunk Cloud
Content Type
Splunk Versions
CIM Versions
CIM 4.6, 4.5, 4.4, 4.3, 4.2, 4.1, 4.0
End User License Agreement for Third-Party Content
Platform Independent
Built by
Anomali Team
Contact Developer
Subscribe Share

Splunk Certification Program

Splunk's App Certification program uses a specific set of criteria to evaluate the level of quality, usability and security your app offers to its users. In addition, we evaluate the documentation and support you offer to your app's users.

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 50GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
© 2005-2017 Splunk Inc. All rights reserved.
Splunk®, Splunk>®, Listen to Your Data®, The Engine for Machine Data®, Hunk®, Splunk Cloud™, Splunk Light™, SPL™ and Splunk MINT™ are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners.