Intelligence API

Integrated Actionable Intelligence

FireEye Intelligence API enables you to integrate the world's best cyber threat intelligence into your existing security and risk management processes and technologies.

The result? Better security and massive efficiency gains.

Intelligence API links your security and risk management technologies to Threat Intelligence Cloud, which houses nearly a decade of the most comprehensive, globally-mined cyber threat intelligence available. Plus, Intelligence API makes it simple to integrate intelligence into your protection, detection, investigation, and response processes.

Work smarter, not harder, with FireEye Threat Intelligence inside your key security systems.


Intelligence API documentation


Threat Intelligence Inside: Adding Intelligence To Your Security Tools

A large and growing list of security vendors has already developed out-of-the-box integrations using Intelligence API. Whether you want to enrich existing tools and processes, implement new intelligence-driven solutions or integrate intelligence into your homegrown system, we’ve got you covered.

Intelligence API leverages REST.


“FireEye Threat Intelligence is a brilliant complement to our other sources. I get a wide variety of threat indicators from a single download from the FireEye Threat Intelligence portal; it puts the data into an easily-consumable format for our SIEM to quickly ingest.”

- Manager of Security Operations, Multistate Healthcare Provider


Read the Multistate Healthcare Provider customer story
FireEye solutions and services provide comprehensive protection for healthcare provider.

Access to the Most Context Rich Intelligence Available

Intelligence API provides machine-to-machine integration with the most contextually-rich threat intelligence data available in the market today. The API provides automated access to much more than indicators of compromise (IOC) – the IP addresses and domain names bad guys are using to launch attacks or control compromised systems or the file hashes that can identify malware. With Intelligence API, you have instant access to IOCs connected to rich context so you can understand the who, what, why and even how behind security events.

What can Intelligence API do for you?

Security Operations

The average organization generates thousands of security events every day but only has the human resources to investigate a few. How do you know which events to focus on? With Intelligence API, you can match IOCs with events in your SIEM or security analytics platforms, cut through the noise and automate the prioritization of the events that warrant scrutiny. You can also drastically accelerate triage with context that helps you understand what you are facing. Are you dealing with cyber crime or espionage? Is this threat targeting our industry or is this likely “overspray” from a campaign targeting others?

Incident Response

Incident response teams are often flying blind, especially at the beginning of an incident. Who is behind this attack? What are they after? Why did they target us? Are they likely using other tactics, beyond the one that tripped the alarm? With Intelligence API, you have direct access to rich intelligence within the IR, analytics and forensics systems you use daily. You can gain deep situational awareness with a few mouse clicks and pivot from indicators to a detailed understanding of the adversary, their historic and active campaigns, methods, infrastructures and favorite malware. You can also pivot from the indicator that tripped the alarm to related IOCs used by the adversary, understand other possible attack vectors and use your IR tools to hunt for and more completely eradicate the threat.

Vulnerability & Patch Management

Not all vulnerabilities are created equal. Some vulnerabilities are more critical than others. But how can you decide which systems to patch right now versus those that can be patched during your normal weekly, monthly or quarterly cycles? With Intelligence API, you have access to FireEye Threat Intelligence Vulnerability and Exploitation data, which provides rapid access to the latest vulnerabilities – often before they appear in the National Vulnerability Database or have an assigned CVE number. You also have programmatic access to rich contextual information about the vulnerability, such as known exploits in the wild or whether threat actors are actively developing exploits, and data like CVSS scores that enable you to automate accurate prioritization decisions.

Network Operations

Managing firewalls and gateway devices is a daunting, time-consuming task. What’s worse, blocking the wrong thing and causing a critical system outage can be a career-limiting move. With Intelligence API, you have access to highly-validated IOCs so you can block attacks with confidence. But let’s face it, most organizations put devices in alert rather than default block mode until they're confident the intelligence data doesn't block the wrong thing or cause false positives. An alert without context isn't protecting your systems from real threats. With Intelligence API, rich threat intelligence is integrated directly into your security devices. You’ll receive alerts along with the context you need to make informed decisions on whether to automatically block.

Technology Integration Partners

LookingGlass Cyber Solutions