
ThreatBook Advanced Threat Intelligence

by ThreatBook
in Security Threat Intelligence Products and Services (Transitioning to Cyber Threat Intelligence Technologies)
5.0

Overview

Service Information on ThreatBook Advanced Threat Intelligence

Updated 13th October 2025

What is ThreatBook Advanced Threat Intelligence?

ThreatBook Threat Intelligence Platform - NGTIP is software designed to provide organizations with insights and analysis on cyber threats by aggregating, correlating, and contextualizing threat intelligence data from multiple sources. The software offers automated threat detection, situational awareness, and risk assessment capabilities to help users identify and respond to security incidents. It integrates with security infrastructure, delivers timely intelligence feeds, and supports investigation processes by providing threat indicators, contextual data, and analysis tools. The software aims to enhance cybersecurity operations by enabling proactive threat identification and supporting decision-making for security teams in complex digital environments.

ThreatBook Advanced Threat Intelligence Pricing

The ThreatBook Threat Intelligence Platform NGTIP software uses a subscription-based pricing model, typically structured around different service tiers that offer varying levels of features and data volume. Pricing may be influenced by the number of users, the scope of threat intelligence feeds accessed, and integration capabilities with other systems. Custom pricing options may be available for enterprises with specific requirements.


About Company

Company Description

Updated 5th July 2024

ThreatBook is a provider of cyber threat detection and response services. We developed new approaches to deliver high-fidelity, efficient, and actionable security intelligence. We integrated these capabilities with a full life cycle threat detection system and incident response mechanisms to enhance protection across cloud, network, and endpoints. This helps enterprises respond to threats efficiently, reduce complexity, and improve security operations.

Company Details

Updated 26th February 2025
Company type: Private
Year Founded: 2015
Head office location: Beijing, China
Number of employees: 501 - 1000
Website: https://threatbook.cn/next/en


Top ThreatBook Advanced Threat Intelligence Alternatives

1. CloudSEK XVigil: 4.8 (354 Ratings)
2. Cyble Vision: 4.8 (334 Ratings)
3. Recorded Future Intelligence Platform: 4.6 (278 Ratings)


ThreatBook Advanced Threat Intelligence Reviews and Ratings

5.0

(85 Ratings)

Rating Distribution

5 Star: 98%
4 Star: 2%
3 Star: 0%
2 Star: 0%
1 Star: 0%

Customer Experience

Evaluation & Contracting: 4.8
Planning & Transition: 4.8
Delivery & Execution: 5.0
Integration & Deployment: 5.0
Service & Support: 5.0
Service Capabilities: 4.9

  • Engineering Manager
    50M-1B USD
    IT Services

    Significant reduction in triage time thanks to advanced IOC enrichment

    4.0
    May 27, 2026
    We adopted ThreatBook TIP about ten months ago to strengthen threat intelligence enrichment for our IoT connectivity platform. As a provider managing connectivity for hundreds of enterprise clients, we process thousands of security events daily, and TIP has become the backbone of our automated IOC enrichment pipeline. The API integration was smooth; we had it connected to our SIEM and SOAR within two weeks. What stood out most is the context depth on high-fidelity indicators: attribution data, MITRE ATT&CK mapping, and geopolitical background come bundled with every IOC, which helps our small team make faster, more informed decisions without being intelligence analysts ourselves. The threat research portal has also proven valuable for proactive hunting; we have identified several Mirai and Mozi variant campaigns targeting IoT infrastructure weeks before they hit mainstream news. The vendor's support team is responsive, typically answering technical questions within hours. Overall, TIP has cut our mean time to triage from around 45 minutes to under 15 for most alerts.
  • Manager, IT Security and Risk Management
    50M-1B USD
    Telecommunication

    Telecom-focused threat intelligence streamlined BGP hijack detection and response

    5.0
    Jun 1, 2026
    We integrated ThreatBook TIP into our global SOC to enrich threat visibility across international carrier operations spanning Asia-Pacific, Europe, and the Americas. As a telecom operator, we face unique threats — BGP hijacking campaigns, DDoS botnet infrastructure targeting carrier backbone nodes, and SS7/Diameter signaling attacks — that generic threat feeds simply do not cover. TIP filled this gap with telecom-specific intelligence, including BGP hijack actor tracking and DDoS command-and-control infrastructure mapping. The API consistently delivers IOC enrichment in under 200 milliseconds, integrated directly with our SIEM and traffic scrubbing platforms for automated blocking decisions. Within the first quarter, TIP surfaced an active BGP hijack preparation campaign against our Hong Kong-to-Singapore transit route that our existing feeds completely missed. The human-curated weekly briefings on carrier-targeted threat actors have become essential reading for our threat hunting team, providing context and attribution we previously spent hours researching manually.
  • IT Associate
    <50M USD
    Manufacturing

    A Powerful Threat Intelligence Management Platform for Advanced Threat Detection

    5.0
    May 11, 2026
    TIP is very useful for us. It provides highly accurate threat intelligence and also serves as a local threat intelligence platform. We use it daily to reduce noise from security device alerts and detect compromise scenarios. Since we have many security devices generating excessive alerts and false positives, we rely on threat intelligence to reduce false alarms and focus on real threats within a limited time. In addition to its intelligence capabilities, TIP can also integrate with other gateway devices to block malicious IPs and domains. The entire process, from threat detection to blocking, is fully automated, except for a small number of cases that require secondary analysis by our team.
  • IT Associate
    50M-1B USD
    Consumer Goods

    Powerful Local Threat Intelligence Platform

    5.0
    May 11, 2026
    The overall user experience of the product is very good. With the help of threat intelligence, it can filter out a large number of false positives, especially in environments with many security devices and massive alert volumes, which significantly reduces the pressure on security operations. TIP also has a certain level of openness and supports integration with other intelligence sources, such as open-source threat intelligence feeds. However, since it is deployed locally, the intelligence update frequency is lower compared to the cloud version.
  • Customer Service & Support Associate
    10B+ USD
    IT Services

    Integration Platform Reduces False Blockage Reports but Query Costs Remain High

    5.0
    May 8, 2026
    We use the TIP and situational awareness platform for integration, which can significantly reduce many false reports of blockages for us.
...

Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences, and should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.


©2026 Gartner, Inc. and/or its affiliates.

All rights reserved.


ThreatBook Advanced Threat Intelligence Likes & Dislikes

Like

1. The IOC context depth and enrichment quality for IoT-specific threats have exceeded our expectations. Unlike generic threat feeds that just return a binary malicious or benign verdict, TIP provides rich contextual information: threat actor attribution, campaign association, targeted industry verticals, and MITRE ATT&CK technique mapping, all in a single API response. For our IoT-heavy environment, the ability to filter by attack surface relevance has been particularly useful, for example whether a C2 domain is associated with known IoT botnet infrastructure. Over the past six months, TIP enrichment has helped us catch three targeted credential-stuffing campaigns against our customer device management portals that our previous basic threat feed completely missed.
2. The API performance and integration flexibility have enabled us to build automated enrichment workflows with minimal engineering effort. The REST API consistently responds in under 200 milliseconds, which means we can enrich IOCs inline during real-time event processing without introducing noticeable latency into our detection pipeline. We have integrated TIP with our Splunk SIEM for automated lookup, with our SOAR playbook for conditional escalation, and with a custom Slack bot that pushes high-severity threat notifications to our engineering channel. The webhook callback mechanism for bulk IOC submissions is also well-designed: we submit batches of 500 to 1000 indicators nightly from our honeypot network, and the asynchronous processing handles them reliably.
3. The proactive threat hunting and campaign intelligence capabilities have become an unexpected force multiplier for our team. The threat research portal provides curated analyst notes, campaign timelines, and IoC packages for active threat

Like

• Telecom-specific threat intelligence that covers BGP hijack actor infrastructure, SS7/Diameter signaling threat IOCs, and DDoS botnet C2 mapping, domains where generic threat feeds are completely silent. We identified an active hijack preparation campaign targeting our Hong Kong-to-Singapore transit route through TIP's actor-tracking data, allowing us to implement BGP prefix filtering before the attack launched. The carrier-focused campaign briefings provide actionable context our NOC and SOC analysts cannot get from any other source.
• API performance and reliability have been outstanding: consistent sub-200-millisecond response times with 99.9% uptime over 12 months of production use. We integrated TIP directly into our traffic scrubbing centers for automated DDoS mitigation and into our SIEM for real-time alert enrichment. The REST API handles peak loads during DDoS events without degradation, and the bulk IOC export capability allows us to feed our entire edge filtering infrastructure with updated threat data every 15 minutes.
• The analyst research portal provides human-curated telecom threat campaign intelligence with full ATT&CK mapping and attribution context. Weekly threat briefings flagged carrier-targeted campaigns including the GhostTelecom APT group 10 days before public disclosure, giving our threat hunting team a critical head start. The deep-dive reports on telecom-specific malware families and infrastructure profiling save our analysts 8-10 hours per week that were previously spent manually correlating fragmented open-source intelligence.

Like

First, the product provides highly accurate threat intelligence with very few false positives. Second, it supports automated workflows, such as integrating with firewalls or gateway devices to block malicious IPs and domains automatically, without requiring manual blocking operations.

Dislike

1. The update latency on lower-tier and regional IOCs is a persistent concern. While high-severity, globally trending indicators are refreshed within minutes, we have noticed that IOCs specific to niche IoT botnets and China-regional threat actor infrastructure can lag by 24 to 48 hours. For a connectivity platform where clients span manufacturing, logistics, and smart city verticals across Asia, timely regional threat data is critical. There have been at least four instances in the past quarter where we independently identified a malicious domain through our own honeypot telemetry only to find that TIP still classified it as unknown or unrated for another day or more. This delay undermines our confidence when we are providing threat assessments to clients who expect real-time intelligence.
2. The API documentation, while adequate for basic integration, lacks depth in several important areas. Rate limiting behavior is poorly documented: we discovered through trial and error that the concurrent request limit varies by API endpoint rather than being a global threshold, which caused intermittent 429 errors during our initial load testing. Error codes are inconsistently formatted: some return structured JSON with actionable messages while others return plain text, making automated error handling more fragile than it should be. The documentation for the bulk submission endpoint does not clearly explain the asynchronous callback lifecycle, which led to a few dropped batches in our first month before the support team clarified the expected workflow. We would also appreciate more detailed SDK examples beyond the basic Python snippet currently provided.
3. The web console performance degrades noticeably when running queries against historical data beyond 90 days.

Dislike

• TIP does not integrate with BGP route telemetry or internet routing data sources. While TIP provides intelligence on BGP hijack threat actors, it cannot ingest our BGP monitoring feeds or correlate hijack indicators with live route announcements observed at our peering points. This forces our NOC to manually cross-check TIP actor IOCs against IRR databases and route collectors, adding roughly 20-30 minutes of manual research per hijack investigation.
• Carrier-grade IPv6 threat intelligence coverage is significantly weaker than IPv4. With our backbone traffic shifting toward IPv6, this gap is increasingly problematic: only about 15-20% of the IPv6 IOCs we need are available compared to near-complete IPv4 coverage. This is particularly noticeable for IPv6-based DDoS botnet infrastructure and IPv6 C2 nodes, where the intelligence often arrives days later than the IPv4 equivalents, if at all.
• TIP cannot push malicious domain and phone number IOCs to our telecom fraud management and SMS filtering platforms, which is a missed opportunity for a carrier handling billions of SMS and voice calls monthly. We currently export TIP threat data to CSV and manually feed it into our fraud detection systems, a process that runs on 24-hour cycles instead of near-real-time. For phone-number-based phishing campaigns and SMS malware distribution, this lag means fraudulent traffic often reaches subscribers before our filtering systems are updated.

Dislike

TIP is deployed locally, so the threat intelligence update frequency is not as high as the cloud version. Occasionally, issues may occur during version upgrades, and support from ThreatBook engineers is required to resolve them.