Best Free Threat Intelligence Platforms of 2026

Compare the Top Free Threat Intelligence Platforms as of March 2026

Sort By:

Threat Intelligence Free Version 1-10 Clear Filters

What are Free Threat Intelligence Platforms?

Threat intelligence platforms are tools that enable organizations to collect, analyze, and act on cybersecurity threat data to proactively defend against potential attacks. These platforms aggregate information from a variety of sources, including internal security systems, open-source intelligence, commercial threat feeds, and government alerts, to provide a comprehensive view of the threat landscape. By processing and correlating this data, threat intelligence platforms identify emerging threats, track attacker tactics, and provide actionable insights that can be used to strengthen defenses and inform decision-making. Many threat intelligence platforms also integrate with other security systems, such as Security Information and Event Management (SIEM) tools, to automate threat detection and response. Overall, these platforms enhance an organization’s ability to respond to and mitigate cyber threats quickly and effectively. Compare and read user reviews of the best Free Threat Intelligence platforms currently available using the table below. This list is updated regularly.

1

Criminal IP

AI SPERA

Criminal IP equips security teams with the actionable Threat Intelligence needed to proactively identify, analyze, and respond to emerging threats. Powered by AI and OSINT, it delivers threat scoring, reputation data, and real-time detection of a wide array of malicious indicators, ranging from C2 servers and IOCs to masking services like VPNs, proxies, and anonymous VPNs, across IPs, domains, and URLs. Its API-first architecture ensures seamless integration into security workflows to boost visibility, automation, and response.

17 Ratings

Starting Price: $0/month

View Platform
Visit Website
2

ManageEngine Log360

Zoho

Detect, investigate, and resolve security incidents and threats using a single, scalable SIEM solution. Log360 provides you with actionable insights and analytics-driven intelligence for real-time security monitoring, advanced threat detection, incident management, and behavioral analytics-based anomaly detection. Built as the bedrock for your SOC, ManageEngine Log360 comes with out-of-the-box correlation and workflow rules, dashboards, reports, and alert profiles to help you address vital security issues with little manual intervention.

157 Ratings

View Platform
Visit Website
3

Guardz

Guardz

Guardz is the unified cybersecurity platform purpose-built for MSPs. We consolidate the essential security controls, including identities, endpoints, email, awareness, and more, into one AI-native framework designed for operational efficiency. Our identity-centric approach connects the dots across vectors, reducing the gaps that siloed tools leave behind so MSPs can see, understand, and act on user risk in real time. Backed by an elite research and threat hunting team, Guardz strengthens detection across environments, turning signals into actionable insights. With 24/7 AI + human-led MDR, Guardz utilizes agentic AI to triage at machine speed while expert analysts validate, mitigate, and guide response, giving MSPs scalable protection without adding headcount. Our mission is simple: give MSPs the scale, confidence, and clarity they need to stay ahead of attackers and deliver protection to every SMB they serve.

109 Ratings

View Platform
Visit Website
4

Cloudflare

Cloudflare

Cloudflare is the foundation for your infrastructure, applications, and teams. Cloudflare secures and ensures the reliability of your external-facing resources such as websites, APIs, and applications. It protects your internal resources such as behind-the-firewall applications, teams, and devices. And it is your platform for developing globally scalable applications. Your website, APIs, and applications are your key channels for doing business with your customers and suppliers. As more and more shift online, ensuring these resources are secure, performant and reliable is a business imperative. Cloudflare for Infrastructure is a complete solution to enable this for anything connected to the Internet. Behind-the-firewall applications and devices are foundational to the work of your internal teams. The recent surge in remote work is testing the limits of many organizations’ VPN and other hardware solutions.

1,948 Ratings

Starting Price: $20 per website

View Platform
5

Safetica

Safetica

Safetica’s Intelligent Data Security protects sensitive data where teams work, using powerful AI to deliver contextual awareness, reduce false positives, and stop real threats without disrupting productivity. With Safetica, security teams can maintain visibility and control over sensitive data, stay ahead of insider risks, maintain compliance, and secure sensitive cloud-based data. ✔️ Data Protection: Classify, monitor and control sensitive data across devices and clouds in real time. ✔️ Insider Risk and User Behavior: Spot risky behavior, detect intent, and stop insider threats to stay ahead of the careless handling of sensitive data, compromised user accounts and malicious user activity. ✔️ Compliance and Data Discovery: Prove compliance with audit-ready reporting for data in use, in motion, and at rest. ✔️ Cloud Security: Protect Microsoft 365, cloud, and file-sharing platforms to secure sensitive cloud-based data.

409 Ratings

View Platform
6

ManageEngine EventLog Analyzer

ManageEngine

ManageEngine EventLog Analyzer is an on-premise log management solution designed for businesses of all sizes across various industries such as information technology, health, retail, finance, education and more. The solution provides users with both agent based and agentless log collection, log parsing capabilities, a powerful log search engine and log archiving options. With network device auditing functionality, it enables users to monitor their end-user devices, firewalls, routers, switches and more in real time. The solution displays analyzed data in the form of graphs and intuitive reports. EventLog Analyzer's incident detection mechanisms such as event log correlation, threat intelligence, MITRE ATT&CK framework implementation, advanced threat analytics, and more, helps spot security threats as soon as they occur. The real-time alert system alerts users about suspicious activities, so they can prioritize high-risk security threats.

203 Ratings

Starting Price: $595

View Platform
7

TrafficGuard

TrafficGuard

With TrafficGuard, you'll never have to worry about polluted traffic ruining your campaign efforts again. Our cutting-edge ML/AI-driven technology filters out dumb and sophisticated, fraudulent traffic in real-time, ensuring that your ad spend is directed towards real, high-quality clicks and conversions. This means improved campaign results and a higher return on your ad spend (ROAS). The powerful solution ensures that every penny of your advertising spend is safeguarded so you can focus on achieving your marketing goals with peace of mind. Let TrafficGuard take the worry out of ad fraud protection and help you guard your: - Google Search (PPC) campaigns - Mobile UA campaigns - Affiliate spend - Social Networks But we don't just stop at technology - our expert campaign management and world-class customer service ensure you have a partner you can rely on for all your ad fraud protection needs.

89 Ratings

Starting Price: Free for up to $2.5k ad spend

View Platform
8

ActivTrak

Birch Grove Software

ActivTrak helps enterprises drive operational efficiency through AI-powered workforce intelligence. Its award-winning platform transforms work activity data into actionable insights for workforce management, workforce productivity and workforce planning — enabling measurable ROI and stronger business outcomes. More than 9,500 organizations trust ActivTrak's technology, recognized by Deloitte's Technology Fast 500, Inc. 5000, TrustRadius, and G2. Backed by Sapphire Ventures and Elsewhere Partners, ActivTrak leads the way in privacy-first workforce data that fuels the future of intelligent work.

5 Ratings

Starting Price: $10/user/month billed annually

View Platform
9

ManageEngine Endpoint Central

ManageEngine

ManageEngine Endpoint Central is built to secure the digital workplace while also giving IT teams complete control over their enterprise endpoints. It delivers a security-first approach by combining advanced endpoint protection with comprehensive management, allowing IT teams to manage the entire endpoint lifecycle, all from a single console. With automated patching across Windows, Mac, Linux and 1,000+ third-party applications, it ensures vulnerabilities are mitigated before attackers can exploit them. Its next-gen antivirus (NGAV) feature, powered by AI-driven behavioural detection, provides 24/7 protection against ransomware, malware, and zero-day threats. Endpoint Central further strengthens enterprise defenses with a broad set of security capabilities, including vulnerability assessment and mitigation, peripheral device control, data loss prevention, application control, endpoint privilege management, encryption with FileVault and BitLocker, and browser security.

10 Ratings

Starting Price: $795.00/one-time

View Platform
10

Microsoft Sentinel

Microsoft

Standing watch, by your side. Intelligent security analytics for your entire enterprise. See and stop threats before they cause harm, with SIEM reinvented for a modern world. Microsoft Sentinel is your birds-eye view across the enterprise. Put the cloud and large-scale intelligence from decades of Microsoft security experience to work. Make your threat detection and response smarter and faster with artificial intelligence (AI). Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds. Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft. Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft.

2 Ratings

View Platform
11

Splunk Enterprise

Cisco

Splunk Enterprise is a powerful platform that turns data into actionable insights across security, IT, and business operations. It enables organizations to search, analyze, and visualize data from virtually any source, providing a unified view across edge, cloud, and hybrid environments. With real-time monitoring, alerts, and dashboards, teams can detect issues quickly and act decisively. Splunk AI and machine learning features predict problems before they happen, improving resilience and decision-making. The platform scales to handle terabytes of data and integrates with thousands of apps, making it a flexible solution for enterprises of all sizes. Trusted by leading organizations worldwide, Splunk helps teams move from visibility to action.

2 Ratings

View Platform
12

threatYeti by alphaMountain

alphaMountain AI

threatYeti by alphaMountain, turns security professionals and hobbyists alike into a senior IP threat intelligence analysts with a browser-based platform that renders real-time threat verdicts for any domain, URL, or IP on the internet. With threatYeti, the risk posed by a domain is rendered instantly with a color-coded rating from 1.00 (low risk) to 10.00 (high risk). threatYeti also protects cyber threat analysts and their networks from risky sites. threatYeti’s no-click categorization presents sites into at least one out of 89 categories so that analysts don’t have to visit them and risk encountering objectionable material or downloading malware. threatYeti also displays related hosts, threat factors, passive DNS, certificates, redirect chains and more, giving analysts the full picture of any host. The result is faster, safer investigations that enable organizations to take conclusive action on domain and IP threats.

1 Rating

Starting Price: $0

View Platform
13

CTM360

CTM360

CTM360 is a unified external security platform that integrates External Attack Surface Management, Digital Risk Protection, Cyber Threat Intelligence, Brand Protection & Anti-phishing, Surface, Deep & Dark Web Monitoring, Security Ratings, Third Party Risk Management and Unlimited Takedowns. Seamless and turn-key, CTM360 requires no configurations, installations or inputs from the end-user, with all data pre-populated and specific to your organization. All aspects are managed by CTM360. Register today to take advantage of our Community Edition option and explore a range of features and functionalities at NO cost.

Starting Price: Register today to take advanta

View Platform
14

Threat Intelligence Platform

Threat Intelligence Platform

Threat Intelligence Platform combines several threat intelligence sources to provide in-depth insights on threat hosts and attack infrastructure. Correlating threat information from various feeds with our exhaustive in-house databases, a result of 10+ years of data crawling, the platform performs real-time host configuration analyses to come up with actionable threat intelligence that is vital in detection, mitigation, and remediation. Find detailed information about a host and its underlying infrastructure in seconds through the Threat Intelligence Platform web interface. Integrate our rich data sources into your systems to enrich results with additional threat intelligence insights. Integrate our capabilities into existing cybersecurity products, including cyber threat intelligence (CTI) platforms, security information and event management (SIEM) solutions, digital risk protection (DRP) solutions, and more.

Starting Price: $12.5 per month

View Platform
15

Pangea

Pangea

Pangea is the first Security Platform as a Service (SPaaS) delivering comprehensive security functionality which app developers can leverage with a simple call to Pangea’s APIs. The platform offers foundational security services such as Authentication, Authorization, Audit Logging, Secrets Management, Entitlement and Licensing. Other security functions include PII Redaction, Embargo, as well as File, IP, URL and Domain intelligence. Just as you would use AWS for compute, Twilio for communications, or Stripe for payments - Pangea provides security functions directly into your apps. Pangea unifies security for developers, delivering a single platform where API-first security services are streamlined and easy for any developer to deliver secure user experiences.

Starting Price: $0

View Platform
16

PolySwarm

PolySwarm

Unlike in any other multiscanner, in PolySwarm there is money at stake: threat detection engines back their opinions with money, at the artifact level (file, URL, etc.), and are economically rewarded and penalized based on the accuracy of their determinations. The following process is automated and is executed by software (engines) in near real time. Users submit artifacts to PolySwarm’s network via API or web UI. Crowdsourced intelligence (engine determinations) and a final score (PolyScore) are sent back to the User. The money from the bounty and the assertions becomes the reward, which is securely escrowed in an Ethereum smart contract. Engines that made the right assertion are rewarded with the money from the initial bounty from the enterprise plus the money the losing engines included with their assertions.

Starting Price: $299 per month

View Platform
17

Maltego

Maltego Technologies

Maltego is a Java application that runs on Windows, Mac and Linux. Maltego is used by a broad range of users, ranging from security professionals to forensic investigators, investigative journalists, and researchers. Easily gather information from dispersed data sources. View up to 1 million entities on a graph. Access over 58 data sources in the Maltego transform hub. Connect public (OSINT), commercial and own data sources. Write your own Transforms. Automatically link and combine all information in one graph. Automatically combine disparate data sources in point-and-click logic. Use our regex algorithms to auto-detect entity types. Enrich your data through our intuitive graphical user interface. Use entity weights to detect patterns even in the largest graphs. Annotate your graph and export it for further use.

Starting Price: €5000 per user per year

View Platform
18

Webshrinker

DNSFilter

Our AI categorizes billions of domains daily. We catch 76% more threats than competitors, and we catch them 5 days faster. Our domain intelligence tools have categorized more than 380 million websites, and re-scan the web every 5 days. No other feed detects and categorizes new sites faster. No other feed uses image and logo scanning technology to detect fresh scams and malware images. Our data powers web filtering, endpoint protection, rich ad targeting, and contextual safety for millions of users around the world. Webshrinker scans, aggregates, and categorizes billions of domains every day using artificial intelligence. We then validate our site categorizations using human intelligence. Raw data is collected from domains around the world. 5 billion events per day are cleaned and categorized. Machine learning algorithms process large data sets. New information is pushed out to customers via API or database update.

Starting Price: $50 per month

View Platform
19

Kaduu

Kaduu

Kaduu helps you understand when, where and how stolen or accidentally leaked information in dark web markets, forums, botnet logs, IRC, social media and other sources is exposed. Kaduu’s alerting service can also detect threats before they turn into incidents. Kaduu offers AI-driven dark web analysis, real-time threat alerts and pre-Attack threat indicators. Setup in minutes you will receive instant access to real-time reporting. Employees who are heavily exposed to the Internet are at greater risk of social engineering attacks such as phishing. Kaduu offers the option of monitoring any mention of credit card information (name, part of number, etc.) on the Dark Web.

Starting Price: $50 per company per month

View Platform
20

FOFA

Beijing Huashun Xin'an Technology Co., Ltd

FOFA is a Search Engine for global cyberspace mapping. Through continuous active detection of global Internet assets, identifying most software and hardware network assets. Asset data supports external presentation and application in various ways and can perform hierarchical portraits of assets based on IP.

Starting Price: Free

View Platform
21

Outtake

Outtake

Outtake is an AI-powered cybersecurity platform that uses always-on, agentic AI agents to secure an organization’s digital presence by continuously scanning and defending against modern threats like brand impersonation, phishing, fake domains, fraudulent ads, and spoofed apps across the open web, social platforms, forums, and media at internet scale. Its autonomous agents analyze text, images, video, and audio in real time to detect coordinated attacks, correlate related malicious activity across formats and surfaces, and prioritize and execute remediation steps faster than traditional, manual processes, shrinking takedown timelines from weeks to hours while reducing analyst workload. It includes open source intelligence for narrative and risk monitoring, digital risk protection that maps and dismantles interconnected threat networks, and Outtake Verify, a browser extension that cryptographically authenticates email sender identity to prove who actually sent a message.

Starting Price: Free

View Platform
22

ThreatWatch

ThreatWatch

Stay informed on emerging threats using real-time, machine curated threat intelligence. Detect and prioritize threats up to 3 months earlier than leading scanning solutions without redundant scanning or agents. Use Attenu8, our AI platform to prioritize your threats. Secure your DevOps pipeline against open source vulnerabilities, malware, code secrets and configuration issues. Secure your infrastructure, network and IOT devices and any other assets by modeling them as virtual assets. Discover and manage your assets easily with a simple open source CLI. Decentralize security functions using real-time alerts. Integrate with MSTeams, Slack, JIRA, ServiceNow and other ecosystems using our powerful API and SDK. Stay ahead of your adversaries. Get informed on emerging malware, vulnerabilities, exploits, patches and remediations in real-time using our AI powered, machine curated threat intelligence.

View Platform
23

Lumu

Lumu Technologies

The devil is in the data. Your metadata, that is. Lumu’s Continuous Compromise Assessment model is made possible by its ability to collect, normalize and analyze a wide range of network metadata, including DNS, netflows, proxy and firewall access logs and spambox. The level of visibility that only these data sources provide, allows us to understand the behavior of your enterprise network, which leads to conclusive evidence on your unique compromise levels. Arm your security team with factual compromise data that enables them to implement a precise response in a timely manner. Blocking spam is good, but analyzing it is better, because you can discover who is targeting your organization, how they are doing it, and how successful they are. Lumu’s Continuous Compromise Assessment is enabled by our patent-pending Illumination Process. Learn more about how this process uses network metadata and advanced analytics to illuminate your network’s dark spots.

View Platform
24

TruKno

TruKno

Keep up with how adversaries are bypassing enterprise security controls based on the latest cyber attack sequences in the wild. Understand cyber attack sequences associated with malicious IP addresses, file hashes, domains, malware, actors, etc. Keep up with the latest cyber threats attacking your networks, your industry/peers/vendors, etc. Understand MITRE TTPs (at a ‘procedure’ level) used by adversaries in the latest cyber attack campaigns so you can enhance your threat detection capabilities. A real-time snapshot of how top malware campaigns are evolving in terms of attack sequences (MITRE TTPs), vulnerability exploitation (CVEs), IOCs, etc.

View Platform
25

HEROIC Unified Cybersecurity Platform

HEROIC

Protect your organization from credential-stuffing attacks and third-party data breaches. Hundreds of billions of records, including email addresses, user credentials, and passwords, have been breached. Hackers use these records to brute-force their way into organizations’ systems and networks to carry out targeted attacks. HEROIC EPIC is an Identity Breach Intelligence Platform™ that discovers and prevents credential stuffing and account takeover attacks

View Platform
26

C-Prot Threat Intelligence Portal

C-Prot

C-Prot Threat Intelligence Portal is a powerful web service for providing access to information about cyber threats. C-Prot Threat Intelligence Portal offers the possibility to check different types of suspicious threat indicators such as files, file signatures, IP addresses, or web addresses. In this way, institutions are informed about potential threats and can take necessary precautions. Detect advanced threats using our advanced detection technologies, including dynamic, static, and behavioral analysis, and our global cloud reputation system with the C-Prot Threat Intelligence Portal. Access detailed information on specific malware indicators, as well as the tools, tactics, and attack types used by cyber attackers. Check for different indicators of suspicious threats such as IP address and web address. Understand threat trends and anticipate specific attacks with complete knowledge of your threat environment.

Starting Price: Free

View Platform
27

OpenCTI

Filigran

OpenCTI is an open source threat intelligence platform developed by Filigran, designed to help organizations collect, correlate, and leverage threat data at strategic, operational, and tactical levels. It provides a consolidated view of threat data from multiple sources, transforming raw data into actionable insights. It features a sophisticated knowledge hypergraph database, fully compliant with STIX standards, enabling deep context and relationships within threat intelligence. OpenCTI offers comprehensive visualizations and analytics, facilitating comparison and investigation within the knowledge graph. It integrates both technical and non-technical information into a unified system, linking each piece of threat intelligence to its original source for a complete analytical perspective. It also includes powerful case management capabilities, enhancing threat detection and response by centralizing incident-related data and fostering real-time collaboration.

View Platform
28

DarQ Intel

DarQ Security

DarQ Intel is a cybersecurity platform that helps organizations better understand and manage their digital risks. It uses AI-driven analysis to highlight potential vulnerabilities, monitor network and cloud environments, and provide actionable security recommendations. DarQ Intel is designed to simplify security workflows and give teams clearer visibility into their infrastructure. Deployment is simple and agent-free, making it easy to get started quickly. The platform integrates with major cloud providers and popular security tools to help centralize insights. It also includes supply chain risk visibility, allowing businesses to identify areas that may need attention. Whether for a small business or a large enterprise, DarQ Intel aims to deliver clear, data-driven security insights that evolve with your organization’s needs. DarQ Security offers a LiTE version for Small Business, and an Enterprise / Government version with enhanced capabilities based on your needs and budget.

Starting Price: $4.99/month

View Platform
29

Pulsedive

Pulsedive

Pulsedive offers threat intelligence platform and data products to help any security team streamline their threat intelligence research, processing, management, and integration. Start by searching any domain, IP, or URL at pulsedive.com. Our community platform provides free capabilities to enrich and investigate indicators of compromise (IOCs), analyze threats, query across the Pulsedive database, and submit new IOCs in bulk. What we do differently: - Perform passive or active scanning on every ingested IOC, on-demand - Risk evaluation and factors shared with our users based on first-hand observations - Pivot off any data property or value - Analyze shared threat infrastructure and properties for different threats Our commercial API and Feed products support the automation and integration of our data within organization security environments. Check out our website for different tiers and offerings.

View Platform
30

ThreatModeler

ThreatModeler

ThreatModeler™ enterprise threat modeling platform is an automated solution that simplifies efforts associated with developing secure applications. We fill a critical and growing need among today's information security professionals: to build threat models of their organizations' data, software, hardware, and infrastructure at the scale of the IT ecosystem and at the speed of innovation. ThreatModeler™ empowers enterprise IT organizations to map their unique secure requirements and policies directly into their enterprise cyber ecosystem – providing real-time situational awareness about their threat portfolio and risk conditions. CISOs and other InfoSec executives gain a comprehensive understanding of their entire attack surface, defense-in-depth strategy, and compensating controls, so they can strategically allocate resources and scale their output.

View Platform