Integrations

Seamless Security Integrations

Connect isMalicious to your existing security stack

Native integrations with leading threat intelligence platforms. Enrich your security workflows with real-time threat data from 500+ sources.

  • 3 Native Integrations
  • 500+ Threat Sources
  • Real-time Enrichment
  • Free Tier Available

Native Connectors

Ready-to-deploy integrations for popular security platforms

OpenCTI

Active

Internal enrichment connector for OpenCTI threat intelligence platform

  • IPv4, IPv6, and Domain enrichment
  • Risk score with threat labels
  • Geolocation and external references
  • Docker deployment ready

Cortex / TheHive

Official v3.6.8+

Official analyzer for Cortex SOAR and TheHive incident response

  • IP, domain, and FQDN analysis
  • Risk scoring with taxonomies
  • TheHive case enrichment
  • Official Cortex-Analyzers repo

IntelOwl

Coming Soon

Multi-source threat intelligence aggregation with isMalicious

  • Automated IOC enrichment
  • Multi-analyzer orchestration
  • API integration ready
  • Request early access

Firewall Integrations

Protect your network infrastructure by integrating our blocklists directly into your firewall.

# Create ipset
$ ipset create ismalicious hash:ip
# Add drop rule
$ iptables -I INPUT -m set --match-set ismalicious src -j DROP

iptables

Native Linux firewall integration using ipset for high-performance blocking.

Integration Steps

  1. Download the blocklist using curl
  2. Load IPs into an ipset for efficiency
  3. Add iptables rule to drop traffic matching the set
  4. Persist rules using iptables-save
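
The four steps above as a script, added here as an example (not isMalicious tooling). It assumes the feed is plain text with one IPv4 address per line; `BLOCKLIST_URL` is a placeholder because the page does not show the full endpoint, and the function names and sample feed are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Assumes a plain-text feed, one IPv4 address per line.
SET_NAME="ismalicious"

# Keep only well-formed, de-duplicated IPv4 addresses. Comments, CIDR ranges
# and malformed lines are dropped so the feed cannot inject ipset commands.
valid_ipv4() {
  awk '
    { sub(/\r$/, ""); sub(/[ \t]*#.*$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
    /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
      ok = 1; split($0, o, ".")
      for (i = 1; i <= 4; i++) if (length(o[i]) > 3 || o[i] + 0 > 255) ok = 0
      if (ok && !seen[$0]++) print
    }'
}

# Emit `ipset restore` input: fill a temporary set, then swap it in, so the
# live set is never empty or half-loaded while a refresh is running.
build_restore() {
  local tmp="${SET_NAME}-tmp" ips
  ips="$(valid_ipv4)"
  [ -n "$ips" ] || { echo "no valid entries; keeping current set" >&2; return 1; }
  echo "create ${SET_NAME} hash:ip"
  echo "create ${tmp} hash:ip"
  echo "flush ${tmp}"
  printf '%s\n' "$ips" | sed "s/^/add ${tmp} /"
  echo "swap ${tmp} ${SET_NAME}"
  echo "destroy ${tmp}"
}

# Constructed sample feed (documentation address ranges) with bad lines.
sample_feed() {
  cat <<'EOF'
# constructed sample, not real indicators
203.0.113.7
198.51.100.23   # trailing comment
203.0.113.7
999.1.1.1
192.0.2.0/24
10.0.0.1; destroy ismalicious
EOF
}

# On the firewall, as root (BLOCKLIST_URL is a placeholder):
#   curl -fsS -o /tmp/feed.txt "$BLOCKLIST_URL" &&
#     build_restore < /tmp/feed.txt | ipset -exist restore
#   iptables -C INPUT -m set --match-set ismalicious src -j DROP 2>/dev/null ||
#     iptables -I INPUT -m set --match-set ismalicious src -j DROP
#   iptables-save > /etc/iptables/rules.v4   # path varies by distribution
```

`iptables-save` records the rule but not the set's contents, so the set has to be recreated (for example with `ipset save` and `ipset restore`) before the saved rules are loaded at boot.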

pfBlockerNG (Active)
Source URL: https://api.ismalicious.com/v1/...
Action: Deny Both

pfSense

Automated threat blocking via pfBlockerNG package integration.

Integration Steps

  1. Install pfBlockerNG package
  2. Add new IPv4 Alias with Auto format
  3. Paste isMalicious blocklist URL
  4. Set Action to "Deny Both"

External Connector (Fabric Config)
Type: IP Address
Refresh: 1440 min
Status: Connected

FortiGate

Enterprise firewall integration via External Threat Feed connector.

Integration Steps

  1. Create External Resource in Security Fabric
  2. Select "IP Address" type
  3. Configure refresh rate (1440 min)
  4. Apply to Firewall Policy

Build Your Own Integration

Use our comprehensive REST API to build custom integrations with any platform. SDKs available for Python, Node.js, Go, and more.

Integration Use Cases

How security teams leverage isMalicious integrations

SOC Alert Enrichment

Automatically enrich security alerts with threat context and risk scores for faster triage.

Automated Threat Hunting

Integrate threat intelligence into hunting workflows for proactive threat detection.

Incident Response

Accelerate investigations with instant IOC enrichment during incident response.

Custom Integrations

Build custom integrations using our comprehensive REST API and SDKs.

Frequently Asked Questions

Do I need a paid plan to use integrations?
No! All integrations work with our free tier. Paid plans offer higher rate limits and additional features like bulk enrichment and priority support.

How do I get an API key?
Sign up for a free account at ismalicious.com, navigate to your dashboard, and generate an API key. It takes less than a minute.

Is the Cortex analyzer officially supported?
Yes! Our Cortex analyzer is included in the official Cortex-Analyzers repository (v3.6.8+) maintained by TheHive Project. It is production-ready and maintained by the isMalicious team.

How do I deploy the OpenCTI connector?
The OpenCTI connector can be deployed via Docker using docker-compose or manually with Python. Full deployment instructions are available on the OpenCTI integration page.

Can I request a new integration?
Absolutely! Contact us with your integration request and we'll prioritize based on demand. We're actively working on IntelOwl support.

What data types are supported?
We support IPv4 addresses, IPv6 addresses, domain names, FQDNs, and URLs across all integrations. Each integration may have specific supported types documented on its detail page.

How fresh is the threat intelligence data?
Our threat intelligence is updated in real-time from 500+ sources. When you query an IOC through any integration, you get the latest available threat data.

Ready to Integrate?

Get started with isMalicious integrations in minutes. Free tier available for development and testing.