Name: ThreatBook Advanced Threat Intelligence
Rating: 5 (92 reviews)

Overview

Service Information on ThreatBook Advanced Threat Intelligence

Updated 13th October 2025

What is ThreatBook Advanced Threat Intelligence?

ThreatBook Threat Intelligence Platform - NGTIP is a software designed to provide organizations with insights and analysis on cyber threats by aggregating, correlating, and contextualizing threat intelligence data from multiple sources. The software offers automated threat detection, situational awareness, and risk assessment capabilities to help users identify and respond to security incidents. It integrates with security infrastructure, delivers timely intelligence feeds, and supports investigation processes by providing threat indicators, contextual data, and analysis tools. The software aims to enhance cybersecurity operations by enabling proactive threat identification and supporting decision-making for security teams in complex digital environments.

Overall experience with ThreatBook Advanced Threat Intelligence

Engineering Manager

50M - 250M USD, IT Services

FAVORABLE

“Significant reduction in triage time thanks to advanced IOC enrichment”

5.0

Jun 10, 2026

We adopted ThreatBook. TIPabout ten months. ago tostrengthen threat intelligence enrichment for our IoT connectivity platform. As. a provider managingconnectivity. for hundred. ofenterprise clients,we process thousands of security. events daily,and TIP has become the backbone of our automated IOC enrichment pipeline. The API integration was smooth; we. hadit connected to our SIEM. andSOAR within two weeks. What stood out most is the context depth on high-fidelity indicators: attribution data, MITRE ATT&CK mapping, and geopolitical background come bundled with every IOC, which helps our small team make faster, more informed decisions without being intelligence analysts ourselves. The threat research portal. has als. provenvaluablefor proactive hunting; we have identified several Mirai and Mozi variant campaigns targeting IoT infrastructure weeks before they hit mainstream news. The vendor's support. teamis responsive, typically answering technical questions within. hours.Overall, TIP has cut our. meantime to triage from around. 45minutes to under. 15for most alerts.

There are no reviews in this category.

CRITICAL

About Company

Company Description

ThreatBook is a provider of cyber threat detection and response services. We developed new approaches to deliver high-fidelity, efficient, and actionable security intelligence. We integrated these capabilities with a full life cycle threat detection system and incident response mechanisms to enhance protection across cloud, network, and endpoints. This helps enterprises respond to threats efficiently, reduce complexity, and improve security operations.

Company Details

Company type

Private

Year Founded

2015

Head office location

Beijing, China

Number of employees

501 - 1000

Website

https://threatbook.cn/next/en

Do You Manage Peer Insights at ThreatBook?

Access Vendor Portal to update and manage your profile.

Key Insights

A Snapshot of What Matters - Based on Validated User Reviews

User Sentiment About ThreatBook Advanced Threat Intelligence

Reviewer Insights for: ThreatBook Advanced Threat Intelligence

Deciding Factors: ThreatBook Advanced Threat Intelligence Vs. Market Average

Performance of ThreatBook Advanced Threat Intelligence Across Market Features

ThreatBook Advanced Threat Intelligence Likes & Dislikes

1. The IOC context depth and enrichment quality for IoT-specific threats have exceeded our expectations. Unlike generic threat feeds that just return a binary malicious or benign verdict, TIP provides rich contextual information: threat actor attribution, campaign association, targeted industry verticals, and MITRE ATT and CK technique mapping, all in a single API response. For our IoT-heavy environment, the ability to filter by attack surface relevance has been particularly useful, for example whether a C2 domain is associated with known IoT botnet infrastructure. Over the past six months, TIP enrichment has helped us catch three targeted credential-stuffing campaigns against our customer device management. portalsthat our previous basic threat feed completely missed. 2. The API performance and integration flexibility have enabled us to build automated enrichment workflows with minimal engineering effort. The REST API consistently responds in under 200 milliseconds, which means we. canenrich IOCs inline during real-time. eventprocessing without introducing noticeable latency into our detection pipeline. We have integrated TIP with. ourSplunk SIEM for automated lookup, with our SOAR playbook for conditional escalation, and with a custom Slack bot. thatpushes high-severity threat notifications to our engineering channel. The webhook callback mechanism for bulk. IOCsubmissions is also well-designed: we submit batches of 500 to. 1000indicators nightly from our honeypot network, and the asynchronous processing handles. themreliably. 3. The proactive. threathunting and campaign intelligence capabilities have become an unexpected force multiplier for our team. The threat research portal provides curated analyst notes, campaign timelines, and. IoCpackages for active threat

a Telecom-specific threat intelligence that covers BGP hijack actor infrastructure, SS7/Diameter signaling threat IOCs, and. DDoS botnetC2. mapping domains where generic. threatfeeds are completely silent. We identified an active hijack preparation campaign targeting our Hong Kong-to-Singapore transit route through TIP's actor-tracking data, allowing us to implement BGP prefix filtering before the attack launched. The carrier-focused campaign briefings provide actionable context our NOC and. SOCanalysts cannot get from any other source. a API performance and reliability have been outstanding consistent sub-200-millisecond response times with 99.9% uptime. over12 months of production use. We integrated TIP directly into our traffic scrubbing centers. forautomated DDoS mitigation and into our SIEM for real-time alert enrichment. The REST API handles peak loads during DDoS events without degradation, and the bulk IOC export capability allows. usto feed our entire edge filtering infrastructure with updated threat data every 15 minutes. a The. analystresearch portal provides human-curated telecom threat campaign intelligence with full ATT&CK mapping and attribution context. Weekly threat briefings flagged carrier-targeted campaigns including the GhostTelecom APT group 10 days before public disclosure, giving our threat. huntingteam a critical head start. The deep-dive reports on telecom-specific malware families and infrastructure profiling save our analysts 810 hours per week that were previously spent manually correlating fragmented open-source intelligence.

Comprehensive and timely threat intelligence coverageThe intelligence library covers APT campaigns, vulnerability exploits, phishing infrastructures, and botnet C2 indicators with regular update cycles. The contextual enrichment including ATT&CK mapping, threat actor profiles, and industry-specific campaign tracking helps our SOC team quickly assess threat relevance and prioritize response actions effectively.Flexible API integration with security ecosystemTIP provides standard RESTful APIs with response times consistently under 200ms, enabling seamless integration with our SIEM, SOAR, and EDR platforms. Intelligence data can. beautomatically pushed to downstream detection and response tools, which has significantly reduced the manual effort. ofcross-tool data correlation and accelerated our automated threat blocking workflow.Effective threat hunting and investigation supportThe analyst portal provides powerful query capabilities with full-text search, IOC relationship graphing, and historical threat campaign tracking. Our threat hunting team can trace the full lifecycle of a campaign from initial IOC to attribution within a single console, which has considerably shortened our investigation cycles from hours to minutes.

1. The. updatelatency on lower-tier and regional IOCs is a persistent concern. While high-severity, globally trending indicators. arerefreshed within minutes, we have noticed that IOCs specific to niche IoT botnets and China-regional threat actor infrastructure can lag by 24 to 48 hours. For a connectivity platform where clients span manufacturing, logistics, and smart city. verticals acrossAsia, timely regional threat data is critical. There have been at least four instances in the past quarter where we independently identified a malicious domain through our own honeypot telemetry only. tofind that TIP still classified. itas unknown. orunrated for another. day ormore. This delay undermines our confidence when we are providing threat assessments to clients. whoexpect real-time intelligence. 2. The API documentation, while adequate for basic integration, lacks depth in several important areas. Rate limiting behavior is poorly documented: we discovered through trial and error that. theconcurrent request limit varies by. API endpointrather than being a global threshold, which caused intermittent 429 errors during our initial load testing. Error codes are inconsistently formatted: some return structured JSON with actionable messages while others return plain. text,making automated error handling more fragile than. itshould. be.The documentation for the bulk submission endpoint does not clearly explain the asynchronous callback lifecycle, which led to. afew dropped batches. in our first month beforethe support team clarified the expected workflow. We would. alsoappreciate more detailed SDK examples beyond the basic Python snippet currently provided. 3. The web console performance degrades noticeably when running queries against historical. databeyond 90 days.

a TIP does not integrate with BGP route telemetry or internet routing. datasources. While TIP provides intelligence on BGP hijack threat actors, it cannot ingest our BGP monitoring feeds. orcorrelate hijack indicators with live route announcements observed at. our peeringpoints. This forces our NOC. tomanually cross-check TIP actor IOCs against IRR databases and. route collectors, addingroughly 2030 minutes of manual research per hijack investigation. a Carrier-grade. IPv6 threatintelligence coverage is significantly weaker than IPv4. With. ourbackbone traffic shifting. towardIPv6, this gap is increasingly problematic only about 1520% of the IPv6 IOCs we need are available compared to near-complete. IPv4coverage. This is particularly noticeable for IPv6-based. DDoSbotnet infrastructure and IPv6 C2. nodes, wherethe intelligence often arrives. day. laterthanthe IPv4. equivalents,if at all. a TIP cannot push malicious domain and phone number IOCs to our telecom fraud management and SMS filtering platforms, which is a missed opportunity. for a carrier handling billionsof SMS and. voice calls monthly. Wecurrently. export TIPthreat data to. CSV andmanually feed it into our fraud detection systems, a process that. run. on 24-hourcyclesinstead of near-real-time. For phone-number-based phishing campaigns and SMS malware. distribution, this lagmeans fraudulent traffic. often reaches subscribersbefore our filtering systems are updated.

Inconsistent IOC update latency for emerging threatsWhile established threat feeds update reliably, IOC coverage for newly emerging threats targeting our manufacturing sector occasionally lags by 12-24 hours. During critical vulnerability windows, this delay forces our team to manually supplement intelligence from open-source feeds, which undermines the platforms value proposition as a primary intelligence source.Limited custom intelligence subscription rule flexibilityThe built-in intelligence subscription templates are relatively fixed and cannot support fine-grained customization based on our specific regional threats, attack types, or production environment context. We frequently. needto manually filter and triage intelligence to extract content relevant to. ourautomotive manufacturing supply chain security.Visualization dashboard lacks depth for executive reportingThe threat trend and attack landscape dashboards offer basic chart. typeswithout customizable drill-down or multi-dimensional analysis views. When preparing monthly security reports for leadership, we need to manually export. rawdata and build our own visualizations, which adds unnecessary operational overhead to the security team.

Top ThreatBook Advanced Threat Intelligence Alternatives

4.8

(356 Ratings)

4.8

(334 Ratings)

4.6

(278 Ratings)

View All Alternatives

Peer Discussions

ThreatBook Advanced Threat Intelligence Reviews and Ratings

5.0

(92 Ratings)

Rating Distribution

5 Star: 99%
4 Star: 1%
3 Star: 0%
2 Star: 0%
1 Star: 0%

Customer Experience

Evaluation & Contracting

4.8

Planning & Transition

4.8

Delivery & Execution

4.9

Integration & Deployment

5.0

Service & Support

5.0

Service Capabilities

4.9

Filter Reviews

Sort By:

Most helpful

Last 12 Months

Star Rating

Reviewer Type

Reviewer's Company Size

Reviewer's Industry

Reviewer's Region

Reviewer's Job Function

Engineering Manager
50M-1B USD
IT Services
Review Source
Significant reduction in triage time thanks to advanced IOC enrichment
5.0
Jun 10, 2026
We adopted ThreatBook. TIPabout ten months. ago tostrengthen threat intelligence enrichment for our IoT connectivity platform. As. a provider managingconnectivity. for hundred. ofenterprise clients,we process thousands of security. events daily,and TIP has become the backbone of our automated IOC enrichment pipeline. The API integration was smooth; we. hadit connected to our SIEM. andSOAR within two weeks. What stood out most is the context depth on high-fidelity indicators: attribution data, MITRE ATT&CK mapping, and geopolitical background come bundled with every IOC, which helps our small team make faster, more informed decisions without being intelligence analysts ourselves. The threat research portal. has als. provenvaluablefor proactive hunting; we have identified several Mirai and Mozi variant campaigns targeting IoT infrastructure weeks before they hit mainstream news. The vendor's support. teamis responsive, typically answering technical questions within. hours.Overall, TIP has cut our. meantime to triage from around. 45minutes to under. 15for most alerts.
Manager, IT Security and Risk Management
50M-1B USD
Telecommunication
Review Source
Telecom-focused threat intelligence streamlined BGP hijack detection and response
5.0
Jun 1, 2026
We integrated ThreatBook TIP. into ourglobal SOC to enrich threat visibility across international carrier operations spanning Asia-Pacific, Europe, and the Americas. As a telecom operator, we face unique threats — BGP hijacking campaigns, DDoS botnet infrastructure targeting carrier backbone nodes, and SS7/Diameter signaling attacks — that generic threat feeds. simplydo not cover. TIP filled this gap with telecom-specific intelligence, including BGP. hijack actortracking and DDoS command-and-control infrastructure mapping. The API consistently delivers IOC enrichment in under 200 milliseconds, integrated directly with our SIEM and traffic scrubbing platforms for automated blocking decisions. Within. the first quarter,TIP surfaced an active BGP hijack preparation. campaignagainst our Hong Kong-to-Singapore transit route that our existing feeds completely missed. The human-curated weekly briefings on carrier-targeted threat actors. have become essential readin. forou. threat hunting team, providingcontextand attribution we previously spent hours researching manually.
IT Security & Risk Management Associate
1B-10B USD
Manufacturing
Review Source
ThreatBook TIP Sharply Reduced Alert Fatigue and Investigation Time
5.0
Jun 9, 2026
TIP acts as the core threat intelligence center. ofour enterprise security operation system, providing external threat intelligence aggregation, internal threat correlation, and IOC subscription services. The intelligence library. covers awide range. of threattypes including APT campaigns, vulnerability exploits, and phishing infrastructures with regular update cycles, which effectively supports our threat early warning and incident investigation workflows. The API integration with our existing SIEM and SOAR platforms has been relatively smooth. However, some functions in multi-source intelligence fusion, custom rule flexibility, and the visualization dashboard need further enhancement to meet our growing security operation requirements.
IT Associate
50M-1B USD
Manufacturing
Review Source
Investigation efficiency improved by rich context and accurate threat feeds
5.0
Jun 1, 2026
We have deployed ThreatBook Threat Intelligence Platform for 12 months as our core threat intelligence source, with an overall satisfaction score of 4.5 out of 5. The core reason for the high. ratin. is its high-fidelityIOC feedsand rich contextual threat analysis, which greatly improves our SOC team's investigation efficiency. It performs. excellentlyin IP reputation scoring, domain risk. assessment, and automated threat indicator sharingvia API, while minor drawbacks include occasional intelligence update latency for. niche APT campaigns and limited industry-specificthreat profiling customization.
IT Associate
<50M USD
Manufacturing
Review Source
A Powerful Threat Intelligence Management Platform for Advanced Threat Detection
5.0
May 11, 2026
TIP is very useful for us.It provides highly accurate threat intelligence and also serves as a local threat intelligence platform.We use it daily to reduce noise from security device alerts and detect compromise scenarios.Since we have many security devices generating excessive alerts and false positives, we rely on threat intelligence to reduce false alarms and focus on real threats within a limited time.In addition to its intelligence capabilities, TIP can also integrate with other gateway devices to block malicious IPs and domains.The entire process,from threat detection to blocking,is fully automated,except for a small number of cases that require secondary analysis by our team.

...

Showing Result 1-5 of 96

Recommended Gartner Insights

Magic Quadrant for Security Threat Intelligence Products and Services (Transitioning to Cyber Threat Intelligence Technologies)

This service may contain translations provided by Google. Google disclaims all warranties related to the translations, express or implied, including any warranties of accuracy, reliability, and any implied warranties of merchantability, fitness for a particular purpose and noninfringement. Gartner's use of this provider is for operational purposes and does not constitute an endorsement of its products or services.

ThreatBook Advanced Threat Intelligence

Overview

Service Information on ThreatBook Advanced Threat Intelligence

What is ThreatBook Advanced Threat Intelligence?

ThreatBook Advanced Threat Intelligence Pricing

Overall experience with ThreatBook Advanced Threat Intelligence

“Significant reduction in triage time thanks to advanced IOC enrichment”

About Company

Company Description

Company Details

Key Insights

A Snapshot of What Matters - Based on Validated User Reviews

User Sentiment About ThreatBook Advanced Threat Intelligence

Reviewer Insights for: ThreatBook Advanced Threat Intelligence

Deciding Factors: ThreatBook Advanced Threat Intelligence Vs. Market Average

Performance of ThreatBook Advanced Threat Intelligence Across Market Features

ThreatBook Advanced Threat Intelligence Likes & Dislikes

Top ThreatBook Advanced Threat Intelligence Alternatives

1. CloudSEK XVigil

2. Cyble Vision

3. Recorded Future Intelligence Platform

Peer Discussions

ThreatBook Advanced Threat Intelligence Reviews and Ratings

5.0

(92 Ratings)

Rating Distribution

Customer Experience

Service Capabilities

Significant reduction in triage time thanks to advanced IOC enrichment

Telecom-focused threat intelligence streamlined BGP hijack detection and response

ThreatBook TIP Sharply Reduced Alert Fatigue and Investigation Time

Investigation efficiency improved by rich context and accurate threat feeds

A Powerful Threat Intelligence Management Platform for Advanced Threat Detection

Recommended Gartner Insights

User Sentiment About ThreatBook Advanced Threat Intelligence

Reviewer Insights for: ThreatBook Advanced Threat Intelligence

Deciding Factors: ThreatBook Advanced Threat Intelligence Vs. Market Average

Performance of ThreatBook Advanced Threat Intelligence Across Market Features

ThreatBook Advanced Threat Intelligence Likes & Dislikes