Products

ThreatIntel Feed API

Real-time threat intelligence delivered via API. Integrate our global threat data into your SIEM, SOAR, and security tools.

Security tools are only as good as the intelligence they use. The ThreatIntel Feed API provides curated, actionable threat data from global sources, enriching your security stack with the context needed to detect and respond to threats faster.

50k+
Indicators
< 100ms
Response Time
99.99%
API Uptime
24/7
Data Updates
Intelligence

Intelligence Data Types

IP Reputation

Real-time reputation scores for IP addresses including malicious activity history, geo-location, and associated threats.

Domain Intelligence

Identify malware distribution domains, phishing sites, command and control servers, and newly registered suspicious domains.

File Hash Database

Comprehensive database of known malware hashes (MD5, SHA1, SHA256) with malware family classification and first-seen dates.

URL Analysis

Check URLs against known malicious indicators including phishing pages, exploit kits, and malware download sites.

CVE Intelligence

Vulnerability data enriched with exploit availability, active exploitation status, and remediation guidance.

Threat Actor Profiles

Detailed profiles of threat actors including tactics, techniques, procedures (TTPs), and associated campaigns.

Integrations

Works With Your Tools

The ThreatIntel Feed API integrates with your existing security stack through native integrations, STIX/TAXII support, and a flexible REST API.

SIEM Platforms
SOAR Platforms
Firewalls and Proxies
Email Security Gateways
Custom Applications
Security Analytics

REST API

STIX/TAXII

Webhooks

Bulk Export

Enrich Your Security Data

Start using ThreatIntel Feed API today. Free tier available for evaluation and small deployments.