Best Threat Intelligence Platforms for Linux
View:
Compare the Top Threat Intelligence Platforms for Linux as of April 2025
Sort By:
What are Threat Intelligence Platforms for Linux?
Threat intelligence platforms are tools that enable organizations to collect, analyze, and act on cybersecurity threat data to proactively defend against potential attacks. These platforms aggregate information from a variety of sources, including internal security systems, open-source intelligence, commercial threat feeds, and government alerts, to provide a comprehensive view of the threat landscape. By processing and correlating this data, threat intelligence platforms identify emerging threats, track attacker tactics, and provide actionable insights that can be used to strengthen defenses and inform decision-making. Many threat intelligence platforms also integrate with other security systems, such as Security Information and Event Management (SIEM) tools, to automate threat detection and response. Overall, these platforms enhance an organization’s ability to respond to and mitigate cyber threats quickly and effectively. Compare and read user reviews of the best Threat Intelligence platforms for Linux currently available using the table below. This list is updated regularly.
-
1
ConnectWise SIEM
ConnectWise
ConnectWise SIEM (formerly Perch) offers threat detection and response backed by an in-house Security Operations Center (SOC). Defend against business email compromise, account takeovers, and see beyond your network traffic. Our team of threat analysts does all the tedium for you, eliminating the noise and sending only identified and verified treats to action on. Built with multi-tenancy, ConnectWise SIEM helps you keep clients safe with the best threat intel on the market.Starting Price: $10 per month -
2
The Heimdal Threat-hunting and Action Center provides security teams with an advanced threat and risk-centric view of their entire IT landscape, offering granular telemetry across endpoints and networks for swift decision-making.Starting Price: $0/month
-
3
ThreatLocker
ThreatLocker
For IT Professionals to stop ransomware and other cyberattacks, you need to do more than just hunt for threats. ThreatLocker helps you reduce your surface areas of attack with Zero Trust policy-driven endpoint security solutions. Now you can change the paradigm from only blocking known threats, to blocking everything that you have not explicitly allowed. ThreatLocker Application Allowlisting is the gold standard when it comes to blocking ransomware, viruses, and other software-based threats. Discover today the ThreatLocker suite of Zero Trust endpoint security solutions: Allowlisting, Ringfencing, Elevation Control, Storage Control, Network Control, Unified Audit, ThreatLocker Ops, Community, Configuration Manager and Health Center. -
4
Sectrio
Sectrio
Sectrio was launched as Subex Secure in the year 2016 to meet the growing needs of businesses in securing their Internet of Things and Operational Technology footprint on a single platform. To meet this objective, Subex invested in building the world’s largest adaptable honeypot network ground-up while simultaneously building an agile product with features aligned to the needs of our growing customer base. Subex Secure was rebranded as Sectrio in September 2021 to reflect the arrival of the next phase of our product and innovation evolution. Today, Sectrio has deployments across North America, the Middle East, APAC, and Indian markets. Our customer base is spread across verticals. Sectrio also is home to the largest number of cybersecurity domain specialists including the industry’s leading threat research team. -
5
Leviathan Lotan
Leviathan Security Group
Lotan™ provides your enterprise with the unique capability to detect attacks earlier, and with greater confidence. The fragility of exploits in the face of modern countermeasures and environment heterogeneity often leads to application crashes. Lotan analyzes these crashes to detect the attack and aid the response. Lotan collects crashes using either a simple registry change on Windows, or a small userland application for Linux. A RESTful API allows you to share evidence and conclusions with your existing Threat Defense and SIEM solutions. The API provides insight into each step of Lotan's workflow, including detailed information required to understand and respond to the threat rapidly. Lotan greatly increases the accuracy, rate, and speed with which threats are detected, and impedes the ability of adversaries to operate undetected within your network. -
6
CrowdSec
CrowdSec
CrowdSec is a free, open-source and collaborative IPS to analyze behaviors, respond to attacks & share signals across the community, outnumbering cybercriminals all together. Set up your own intrusion detection system. Apply behavior scenarios to identify cyber threats. Share and benefit from a crowdsourced and curated cyber threat intelligence system. Define the type of remediation you want to apply and where. Leverage the community’s IP blocklist and automate your security. CrowdSec is designed to run seamlessly on virtual machines, bare-metal servers, containers or to be called directly from your code with our API. Our strength comes from our cybersecurity community that is burning cybercriminals’ anonymity. By sharing IP addresses that aggressed you, you help us curate and redistribute a qualified IP blocklist to protect everyone. CrowdSec is 60x faster than tools like Fail2ban and can parse massive amounts of logs in no time. -
7
VulnCheck
VulnCheck
Unprecedented visibility into the vulnerable ecosystem from the eye of the storm. Prioritize response and finish taking action before the attacks occur. Early access to new vulnerability information not found in the NVD along with dozens of unique fields. Real-time monitoring of exploit PoCs; exploitation timelines; ransomware, botnet, and APT/threat actor activity. In-house developed exploit PoCs, packet captures to defend against initial access vulnerabilities. Integrate vulnerability assessment into existing asset inventory systems, anywhere package URLs or CPE strings are present. Explore VulnCheck, a next-generation cyber threat intelligence platform, which provides exploit and vulnerability intelligence directly into the tools, processes, programs, and systems that need it to outpace adversaries. Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't. -
8
alphaMountain Threat Intelligence APIs and Feeds
alphaMountain AI
alphaMountain’s domain and IP threat intelligence powers many of the world’s leading cybersecurity solutions. High-fidelity threat feeds are updated hourly with fresh URL classification, threat ratings and actionable intelligence on over 2 billion hosts including domains and IP addresses. KEY BENEFITS: Get high-fidelity URL classification and threat ratings for any URL from 1.00 to 10.0. Receive fresh categorization and threat ratings updated every hour, syndicated via API or threat feed. See threat factors and other intelligence contributing to threat verdicts. USE CASES: Use threat feeds in your network security products such as secure web gateway, secure email gateway or next-generation firewall. Call the alphaMountain API from your SIEM to investigate threats or from your SOAR to automate responses such as blocking and policy updates. Detect if a URL is suspicious, contains malware, is a phishing site and which of 89 content categories the site belongs to.Starting Price: $300/month -
9
AhnLab TMS
AhnLab
Next-generation network-integrated threat management platform that provides in-depth threat analysis based on a big data processing framework and efficient integrated policy management of network security products. AhnLab TMS is the network threat management platform that manages multiple appliances, monitors and analyzes various threat information and responds to integrated appliances comprehensively. Recent network environments are diversifying from mobile to IoT devices and security threats are evolving. The need for an integrated threat management platform that comprehensively manages and responds to changes and security threats in these environments is increasing as a single existing solution makes it difficult to respond to them. It provides efficient policy management for the integrated appliances, collection/management of high capacity events, and in-depth analysis.
- Previous
- You're on page 1
- Next