Best Free Threat Intelligence Platforms
View:
Compare the Top Free Threat Intelligence Platforms as of January 2026
Sort By:
What are Free Threat Intelligence Platforms?
Threat intelligence platforms are tools that enable organizations to collect, analyze, and act on cybersecurity threat data to proactively defend against potential attacks. These platforms aggregate information from a variety of sources, including internal security systems, open-source intelligence, commercial threat feeds, and government alerts, to provide a comprehensive view of the threat landscape. By processing and correlating this data, threat intelligence platforms identify emerging threats, track attacker tactics, and provide actionable insights that can be used to strengthen defenses and inform decision-making. Many threat intelligence platforms also integrate with other security systems, such as Security Information and Event Management (SIEM) tools, to automate threat detection and response. Overall, these platforms enhance an organization’s ability to respond to and mitigate cyber threats quickly and effectively. Compare and read user reviews of the best Free Threat Intelligence platforms currently available using the table below. This list is updated regularly.
-
1
ManageEngine Endpoint Central
ManageEngine
ManageEngine Endpoint Central is built to secure the digital workplace while also giving IT teams complete control over their enterprise endpoints. It delivers a security-first approach by combining advanced endpoint protection with comprehensive management, allowing IT teams to manage the entire endpoint lifecycle, all from a single console. With automated patching across Windows, Mac, Linux and 1,000+ third-party applications, it ensures vulnerabilities are mitigated before attackers can exploit them. Its next-gen antivirus (NGAV) feature, powered by AI-driven behavioural detection, provides 24/7 protection against ransomware, malware, and zero-day threats. Endpoint Central further strengthens enterprise defenses with a broad set of security capabilities, including vulnerability assessment and mitigation, peripheral device control, data loss prevention, application control, endpoint privilege management, encryption with FileVault and BitLocker, and browser security.Starting Price: $795.00/one-time -
2
Criminal IP
AI SPERA
Criminal IP is a comprehensive threat intelligence search engine that detects vulnerabilities of personal and corporate cyber assets in real time and facilitates preemptive responses accordingly. Originated from the idea that individuals and corporations would be able to strengthen their cyber security by proactively acquiring information about IP addresses attempting to access your network, Criminal IP uses its big data of more than 4.2 billion IP addresses to provide threat-relevant information on malicious IPs and links, phishing sites, certificates, industrial control systems, IoTs, servers, security cameras, and so forth. With Criminal IP’s 4 main features (Asset Search, Domain Search, Exploit Search, and Image Search), you can find IP risk scores and related vulnerabilities of searched IP addresses and domains, details on the exploit codes for each service, and assets that are left wide open to cyber threats in the form of images respectively.Starting Price: $0/month -
3
ManageEngine Log360
Zoho
Detect, investigate, and resolve security incidents and threats using a single, scalable SIEM solution. Log360 provides you with actionable insights and analytics-driven intelligence for real-time security monitoring, advanced threat detection, incident management, and behavioral analytics-based anomaly detection. Built as the bedrock for your SOC, ManageEngine Log360 comes with out-of-the-box correlation and workflow rules, dashboards, reports, and alert profiles to help you address vital security issues with little manual intervention. -
4
Guardz
Guardz
Guardz is the unified cybersecurity platform purpose-built for MSPs. We consolidate the essential security controls, including identities, endpoints, email, awareness, and more, into one AI-native framework designed for operational efficiency. Our identity-centric approach connects the dots across vectors, reducing the gaps that siloed tools leave behind so MSPs can see, understand, and act on user risk in real time. Backed by an elite research and threat hunting team, Guardz strengthens detection across environments, turning signals into actionable insights. With 24/7 AI + human-led MDR, Guardz utilizes agentic AI to triage at machine speed while expert analysts validate, mitigate, and guide response, giving MSPs scalable protection without adding headcount. Our mission is simple: give MSPs the scale, confidence, and clarity they need to stay ahead of attackers and deliver protection to every SMB they serve. -
5
Cloudflare
Cloudflare
Cloudflare is the foundation for your infrastructure, applications, and teams. Cloudflare secures and ensures the reliability of your external-facing resources such as websites, APIs, and applications. It protects your internal resources such as behind-the-firewall applications, teams, and devices. And it is your platform for developing globally scalable applications. Your website, APIs, and applications are your key channels for doing business with your customers and suppliers. As more and more shift online, ensuring these resources are secure, performant and reliable is a business imperative. Cloudflare for Infrastructure is a complete solution to enable this for anything connected to the Internet. Behind-the-firewall applications and devices are foundational to the work of your internal teams. The recent surge in remote work is testing the limits of many organizations’ VPN and other hardware solutions.Starting Price: $20 per website -
6
Safetica
Safetica
Safetica’s Intelligent Data Security protects sensitive data where teams work, using powerful AI to deliver contextual awareness, reduce false positives, and stop real threats without disrupting productivity. With Safetica, security teams can maintain visibility and control over sensitive data, stay ahead of insider risks, maintain compliance, and secure sensitive cloud-based data. ✔️ Data Protection: Classify, monitor and control sensitive data across devices and clouds in real time. ✔️ Insider Risk and User Behavior: Spot risky behavior, detect intent, and stop insider threats to stay ahead of the careless handling of sensitive data, compromised user accounts and malicious user activity. ✔️ Compliance and Data Discovery: Prove compliance with audit-ready reporting for data in use, in motion, and at rest. ✔️ Cloud Security: Protect Microsoft 365, cloud, and file-sharing platforms to secure sensitive cloud-based data. -
7
ManageEngine EventLog Analyzer
ManageEngine
ManageEngine EventLog Analyzer is an on-premise log management solution designed for businesses of all sizes across various industries such as information technology, health, retail, finance, education and more. The solution provides users with both agent based and agentless log collection, log parsing capabilities, a powerful log search engine and log archiving options. With network device auditing functionality, it enables users to monitor their end-user devices, firewalls, routers, switches and more in real time. The solution displays analyzed data in the form of graphs and intuitive reports. EventLog Analyzer's incident detection mechanisms such as event log correlation, threat intelligence, MITRE ATT&CK framework implementation, advanced threat analytics, and more, helps spot security threats as soon as they occur. The real-time alert system alerts users about suspicious activities, so they can prioritize high-risk security threats.Starting Price: $595 -
8
TrafficGuard
TrafficGuard
With TrafficGuard, you'll never have to worry about polluted traffic ruining your campaign efforts again. Our cutting-edge ML/AI-driven technology filters out dumb and sophisticated, fraudulent traffic in real-time, ensuring that your ad spend is directed towards real, high-quality clicks and conversions. This means improved campaign results and a higher return on your ad spend (ROAS). The powerful solution ensures that every penny of your advertising spend is safeguarded so you can focus on achieving your marketing goals with peace of mind. Let TrafficGuard take the worry out of ad fraud protection and help you guard your: - Google Search (PPC) campaigns - Mobile UA campaigns - Affiliate spend - Social Networks But we don't just stop at technology - our expert campaign management and world-class customer service ensure you have a partner you can rely on for all your ad fraud protection needs.Starting Price: Free for up to $2.5k ad spend -
9
ActivTrak
Birch Grove Software
ActivTrak helps enterprises drive operational efficiency through AI-powered workforce intelligence. Its award-winning platform transforms work activity data into actionable insights for workforce management, workforce productivity and workforce planning — enabling measurable ROI and stronger business outcomes. More than 9,500 organizations trust ActivTrak's technology, recognized by Deloitte's Technology Fast 500, Inc. 5000, TrustRadius, and G2. Backed by Sapphire Ventures and Elsewhere Partners, ActivTrak leads the way in privacy-first workforce data that fuels the future of intelligent work.Starting Price: $10/user/month billed annually -
10
Microsoft Sentinel
Microsoft
Standing watch, by your side. Intelligent security analytics for your entire enterprise. See and stop threats before they cause harm, with SIEM reinvented for a modern world. Microsoft Sentinel is your birds-eye view across the enterprise. Put the cloud and large-scale intelligence from decades of Microsoft security experience to work. Make your threat detection and response smarter and faster with artificial intelligence (AI). Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds. Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft. Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft. -
11
Splunk Enterprise
Cisco
Splunk Enterprise is a powerful platform that turns data into actionable insights across security, IT, and business operations. It enables organizations to search, analyze, and visualize data from virtually any source, providing a unified view across edge, cloud, and hybrid environments. With real-time monitoring, alerts, and dashboards, teams can detect issues quickly and act decisively. Splunk AI and machine learning features predict problems before they happen, improving resilience and decision-making. The platform scales to handle terabytes of data and integrates with thousands of apps, making it a flexible solution for enterprises of all sizes. Trusted by leading organizations worldwide, Splunk helps teams move from visibility to action. -
12
Silent Push
Silent Push
Silent Push reveals adversary infrastructure, campaigns, and security problems by searching across the most timely, accurate and complete Threat Intelligence dataset available. Defenders can focus on stopping threats before they cause a problem and significantly improve their security operations across the entire attack chain whilst simultaneously reducing operational complexity. The Silent Push platform exposes Indicators of Future Attack (IOFA) by applying unique behavioral fingerprints to attacker activity and searching our dataset. Security teams can identify new impending attacks, rather than relying upon out-of-date IOCs delivered by legacy threat intelligence. Our solutions include: Proactive Threat Hunting - Identify and track malicious infrastructure before it’s weaponized. Brand & Impersonation - Protect your brand from phishing, malvertisement, and spoofing attacks. IOFA Early Detection Feeds - Monitor global threat activity with proactive intelligence.Starting Price: $100/month -
13
threatYeti by alphaMountain
alphaMountain AI
threatYeti by alphaMountain, turns security professionals and hobbyists alike into a senior IP threat intelligence analysts with a browser-based platform that renders real-time threat verdicts for any domain, URL, or IP on the internet. With threatYeti, the risk posed by a domain is rendered instantly with a color-coded rating from 1.00 (low risk) to 10.00 (high risk). threatYeti also protects cyber threat analysts and their networks from risky sites. threatYeti’s no-click categorization presents sites into at least one out of 89 categories so that analysts don’t have to visit them and risk encountering objectionable material or downloading malware. threatYeti also displays related hosts, threat factors, passive DNS, certificates, redirect chains and more, giving analysts the full picture of any host. The result is faster, safer investigations that enable organizations to take conclusive action on domain and IP threats.Starting Price: $0 -
14
SIRP
SIRP
SIRP is a no-code risk-based SOAR platform that connects everything security teams need to ensure consistently strong outcomes into a single, intuitive platform. SIRP empowers Security Operations Centers (SOCs), Incident Response (IR) teams, Threat Intelligence teams, and Vulnerability Management (VM) teams through integration of security tools and powerful automation and orchestration tools. SIRP is a no-code SOAR platform with a built-in security scoring engine. The engine calculates real-world risk scores that are specific to your organization for every incident, alert, and vulnerability. This granular approach enables security teams to map risks to individual assets and prioritize response at scale. SIRP makes all security tools and functions available to security teams at the push of a button, saving thousands of hours each year. Design and enforce best practice security processes using SIRP’s intuitive drag-and-drop playbook building module. -
15
CTM360
CTM360
CTM360 is a unified external security platform that integrates External Attack Surface Management, Digital Risk Protection, Cyber Threat Intelligence, Brand Protection & Anti-phishing, Surface, Deep & Dark Web Monitoring, Security Ratings, Third Party Risk Management and Unlimited Takedowns. Seamless and turn-key, CTM360 requires no configurations, installations or inputs from the end-user, with all data pre-populated and specific to your organization. All aspects are managed by CTM360. Register today to take advantage of our Community Edition option and explore a range of features and functionalities at NO cost.Starting Price: Register today to take advanta -
16
Threat Intelligence Platform
Threat Intelligence Platform
Threat Intelligence Platform combines several threat intelligence sources to provide in-depth insights on threat hosts and attack infrastructure. Correlating threat information from various feeds with our exhaustive in-house databases, a result of 10+ years of data crawling, the platform performs real-time host configuration analyses to come up with actionable threat intelligence that is vital in detection, mitigation, and remediation. Find detailed information about a host and its underlying infrastructure in seconds through the Threat Intelligence Platform web interface. Integrate our rich data sources into your systems to enrich results with additional threat intelligence insights. Integrate our capabilities into existing cybersecurity products, including cyber threat intelligence (CTI) platforms, security information and event management (SIEM) solutions, digital risk protection (DRP) solutions, and more.Starting Price: $12.5 per month -
17
Pangea
Pangea
Pangea is the first Security Platform as a Service (SPaaS) delivering comprehensive security functionality which app developers can leverage with a simple call to Pangea’s APIs. The platform offers foundational security services such as Authentication, Authorization, Audit Logging, Secrets Management, Entitlement and Licensing. Other security functions include PII Redaction, Embargo, as well as File, IP, URL and Domain intelligence. Just as you would use AWS for compute, Twilio for communications, or Stripe for payments - Pangea provides security functions directly into your apps. Pangea unifies security for developers, delivering a single platform where API-first security services are streamlined and easy for any developer to deliver secure user experiences.Starting Price: $0 -
18
SOC Prime Platform
SOC Prime
SOC Prime operates the world’s largest and most advanced platform for collective cyber defense that cultivates collaboration from a global cybersecurity community and curates the most up-to-date Sigma rules compatible with over 28 SIEM, EDR, and XDR platforms. SOC Prime’s innovation, backed by the vendor-agnostic and zero-trust cybersecurity approach, and cutting-edge technology leveraging Sigma language and MITRE ATT&CK® as core pillars are recognized by the independent research companies, credited by the leading SIEM, XDR & MDR vendors, and trusted by 8,000+ organizations from 155 countries, including 42% of Fortune 100, 21% of Forbes Global 2000, 90+ public sector institutions, and 300+ MSSP and MDR providers. Driven by its advanced cybersecurity solutions, Threat Detection Marketplace, Uncoder AI, and Attack Detective, SOC Prime enables organizations to risk-optimize their cybersecurity posture while improving the ROI of their SOC investments. -
19
Vulcan Cyber
Vulcan Cyber
At Vulcan Cyber we’re changing the way businesses reduce cyber risk through vulnerability remediation orchestration. We help IT security teams go beyond remedial vulnerability management to help them drive vulnerability remediation outcomes. The Vulcan platform consolidates vulnerability and asset data, with threat intelligence and customizable risk parameters to deliver risk-based vulnerability prioritization insights. But we don't stop there. Vulcan remediation intelligence takes the vulnerabilities that matter to your business and attaches the remedies and fixes needed to mitigate the threat. Then Vulcan orchestrates and measures the rest of the remediation process with integrations and inputs into application security, DevSecOps, patch management, configuration management, and cloud security tools, teams and functions. From scan to fix, Vulcan Cyber delivers the unique ability to orchestrate the entire vulnerability remediation process to GET FIX DONE at scale.Starting Price: $999 / month -
20
PolySwarm
PolySwarm
Unlike in any other multiscanner, in PolySwarm there is money at stake: threat detection engines back their opinions with money, at the artifact level (file, URL, etc.), and are economically rewarded and penalized based on the accuracy of their determinations. The following process is automated and is executed by software (engines) in near real time. Users submit artifacts to PolySwarm’s network via API or web UI. Crowdsourced intelligence (engine determinations) and a final score (PolyScore) are sent back to the User. The money from the bounty and the assertions becomes the reward, which is securely escrowed in an Ethereum smart contract. Engines that made the right assertion are rewarded with the money from the initial bounty from the enterprise plus the money the losing engines included with their assertions.Starting Price: $299 per month -
21
Maltego
Maltego Technologies
Maltego is a Java application that runs on Windows, Mac and Linux. Maltego is used by a broad range of users, ranging from security professionals to forensic investigators, investigative journalists, and researchers. Easily gather information from dispersed data sources. View up to 1 million entities on a graph. Access over 58 data sources in the Maltego transform hub. Connect public (OSINT), commercial and own data sources. Write your own Transforms. Automatically link and combine all information in one graph. Automatically combine disparate data sources in point-and-click logic. Use our regex algorithms to auto-detect entity types. Enrich your data through our intuitive graphical user interface. Use entity weights to detect patterns even in the largest graphs. Annotate your graph and export it for further use.Starting Price: €5000 per user per year -
22
Webshrinker
DNSFilter
Our AI categorizes billions of domains daily. We catch 76% more threats than competitors, and we catch them 5 days faster. Our domain intelligence tools have categorized more than 380 million websites, and re-scan the web every 5 days. No other feed detects and categorizes new sites faster. No other feed uses image and logo scanning technology to detect fresh scams and malware images. Our data powers web filtering, endpoint protection, rich ad targeting, and contextual safety for millions of users around the world. Webshrinker scans, aggregates, and categorizes billions of domains every day using artificial intelligence. We then validate our site categorizations using human intelligence. Raw data is collected from domains around the world. 5 billion events per day are cleaned and categorized. Machine learning algorithms process large data sets. New information is pushed out to customers via API or database update.Starting Price: $50 per month -
23
Kaduu
Kaduu
Kaduu helps you understand when, where and how stolen or accidentally leaked information in dark web markets, forums, botnet logs, IRC, social media and other sources is exposed. Kaduu’s alerting service can also detect threats before they turn into incidents. Kaduu offers AI-driven dark web analysis, real-time threat alerts and pre-Attack threat indicators. Setup in minutes you will receive instant access to real-time reporting. Employees who are heavily exposed to the Internet are at greater risk of social engineering attacks such as phishing. Kaduu offers the option of monitoring any mention of credit card information (name, part of number, etc.) on the Dark Web.Starting Price: $50 per company per month -
24
FOFA
Beijing Huashun Xin'an Technology Co., Ltd
FOFA is a Search Engine for global cyberspace mapping. Through continuous active detection of global Internet assets, identifying most software and hardware network assets. Asset data supports external presentation and application in various ways and can perform hierarchical portraits of assets based on IP.Starting Price: Free -
25
OnSecurity
OnSecurity
OnSecurity is a leading CREST-accredited penetration testing vendor based in the UK, dedicated to delivering high-impact, high-intelligence penetration testing services to businesses of all sizes. By simplifying the management and delivery of pentesting, we make it easier for organisations to enhance their security posture and mitigate risks, contributing to a safer, more secure digital environment for everyone. Pentesting, Vulnerability Scanning and Threat Intelligence all in one platform.Starting Price: $9.30 per month -
26
Netcraft
Netcraft
Netcraft is a comprehensive digital-risk protection and cyber-crime disruption platform that helps organizations detect, disrupt, and eliminate external threats at scale. Its systems ingest over 23 billion datapoints annually and leverage a global proxy network to classify more than 100 types of attacks. Using automated processes, AI/ML and 80 000+ human-written rules, Netcraft achieves median phishing-site takedown times of around 2.1 hours. The platform is built around key capabilities including; continuous monitoring of look-alike domains, impersonation sites, social-media abuse, phone-number fraud and compromised infrastructure; evidence-gathering via screenshots and crawler tools to bypass cloaking and geo-fencing; real-time threat feeds and takedown workflows integrated with registrars, hosts and social platforms; and dashboards with status tracking, custom reporting, and ROI visualization.Starting Price: Free -
27
Outtake
Outtake
Outtake is an AI-powered cybersecurity platform that uses always-on, agentic AI agents to secure an organization’s digital presence by continuously scanning and defending against modern threats like brand impersonation, phishing, fake domains, fraudulent ads, and spoofed apps across the open web, social platforms, forums, and media at internet scale. Its autonomous agents analyze text, images, video, and audio in real time to detect coordinated attacks, correlate related malicious activity across formats and surfaces, and prioritize and execute remediation steps faster than traditional, manual processes, shrinking takedown timelines from weeks to hours while reducing analyst workload. It includes open source intelligence for narrative and risk monitoring, digital risk protection that maps and dismantles interconnected threat networks, and Outtake Verify, a browser extension that cryptographically authenticates email sender identity to prove who actually sent a message.Starting Price: Free -
28
ThreatWatch
ThreatWatch
Stay informed on emerging threats using real-time, machine curated threat intelligence. Detect and prioritize threats up to 3 months earlier than leading scanning solutions without redundant scanning or agents. Use Attenu8, our AI platform to prioritize your threats. Secure your DevOps pipeline against open source vulnerabilities, malware, code secrets and configuration issues. Secure your infrastructure, network and IOT devices and any other assets by modeling them as virtual assets. Discover and manage your assets easily with a simple open source CLI. Decentralize security functions using real-time alerts. Integrate with MSTeams, Slack, JIRA, ServiceNow and other ecosystems using our powerful API and SDK. Stay ahead of your adversaries. Get informed on emerging malware, vulnerabilities, exploits, patches and remediations in real-time using our AI powered, machine curated threat intelligence. -
29
Lumu
Lumu Technologies
The devil is in the data. Your metadata, that is. Lumu’s Continuous Compromise Assessment model is made possible by its ability to collect, normalize and analyze a wide range of network metadata, including DNS, netflows, proxy and firewall access logs and spambox. The level of visibility that only these data sources provide, allows us to understand the behavior of your enterprise network, which leads to conclusive evidence on your unique compromise levels. Arm your security team with factual compromise data that enables them to implement a precise response in a timely manner. Blocking spam is good, but analyzing it is better, because you can discover who is targeting your organization, how they are doing it, and how successful they are. Lumu’s Continuous Compromise Assessment is enabled by our patent-pending Illumination Process. Learn more about how this process uses network metadata and advanced analytics to illuminate your network’s dark spots. -
30
TruKno
TruKno
Keep up with how adversaries are bypassing enterprise security controls based on the latest cyber attack sequences in the wild. Understand cyber attack sequences associated with malicious IP addresses, file hashes, domains, malware, actors, etc. Keep up with the latest cyber threats attacking your networks, your industry/peers/vendors, etc. Understand MITRE TTPs (at a ‘procedure’ level) used by adversaries in the latest cyber attack campaigns so you can enhance your threat detection capabilities. A real-time snapshot of how top malware campaigns are evolving in terms of attack sequences (MITRE TTPs), vulnerability exploitation (CVEs), IOCs, etc.
