Filigran

  • What it is: Filigran is a European cybertech company providing open-source cybersecurity solutions for threat intelligence management, adversarial exposure validation, and cyber risk management.
  • Best for: Organizations wanting cost-effective threat intelligence — startups and mid-market companies; Security teams requiring threat intelligence operationalization; Enterprises in government, finance, defense, or telecommunications
  • Pricing: Free tier available, paid plans from Custom quote
  • Rating: 82/100 (Very Good)
  • Expert's conclusion: Filigran is suitable for mid-size to large-enterprise security organizations who want open-source flexibility, AI-augmented threat intelligence, and continuous security validation within a comprehensive and interoperable platform.
Reviewed by Maxim Manylov · Web3 Engineer & Serial Founder

What Is Filigran and What Does It Do?

Filigran is an open-source and enterprise solution provider for threat intelligence, breach and attack simulation, and cyber risk management, established in Europe in 2022. Its mission is to make interoperable, community-built threat intelligence tools accessible to all, giving organizations better decision making and proactive defensive options.

Active
Paris, France; New York, United States
Founded 2022
Private
TARGET SEGMENTS
Enterprise Security Teams, Fortune 500 Companies, Government Agencies, Security Operations Centers

What Are Filigran's Key Business Metrics?

  • Organizational Deployments: 6,000+
  • Cybersecurity Professionals in Community: 6,000+
  • Annual Revenue: $19.7M
  • Latest Funding Raised: $58M (Series C)
  • Notable Customers: Marriott, Airbus, FBI, NYC Cyber Command

How Credible and Trustworthy Is Filigran?

82/100
Good

Filigran is highly credible as a well-funded cybersecurity innovator with significant enterprise adoption and tier-1 investor backing. Additionally, Filigran's open-source model and community-driven development add transparency; however, Filigran is relatively new in the marketplace.

  • Product Maturity: 75/100
  • Company Stability: 85/100
  • Security & Compliance: 85/100
  • User Reviews: 80/100
  • Transparency: 85/100
  • Support Quality: 80/100

  • Series C funding from Eurazeo SE, Insight Partners LP, Accel Partners LP, and Deutsche Telekom AG
  • Adopted by FBI, NYC Cyber Command, Marriott, and Airbus
  • 6,000+ global organizational deployments
  • ISO certified
  • Open-source architecture enabling community contributions and transparency
  • Expanding into key markets including U.S., DACH, Saudi Arabia, and Japan

What is the history of Filigran and its key milestones?

2022

Company Founded

Filigran was created by Samuel Hassine and Julien Richard in October 2022 to enable proactive anticipation of cyber threats using an open-source approach to threat intelligence.

2025

Series C Funding

Received $58M in Series C funding led by Eurazeo SE, Insight Partners LP, Accel Partners LP, and Deutsche Telekom AG (T.Capital) to fund expansion into the international marketplace and develop agentic AI capabilities.

2025

XTM One Launch

Introduced XTM One, an agentic AI platform that integrates the OpenCTI, OpenBAS, and OpenGRC products with role-based cybersecurity expert AI agents.

2025

OpenGRC Launch

Introduced OpenGRC, an open source platform for threat-informed cyber risk management, which converts static compliance into dynamic metrics and actionable alerts.

2025

Global Expansion

Expanded rapidly into the United States, Germany/Austria/Switzerland, Saudi Arabia, and Japanese markets using the most recent funding round.

Who Are the Key Executives Behind Filigran?

Samuel Hassine, Co-founder
Co-founder of Filigran; focused on creating innovative threat intelligence solutions and cyber threat anticipation.
Julien Richard, Co-founder
Co-founder of Filigran; developed the XTM suite and other open-source cybersecurity solutions.

What Are the Key Features of Filigran?

OpenCTI - Threat Intelligence Platform
Structures, ingests, enriches, correlates, and unifies threat data from open source intelligence, internal telemetry, and commercial feeds through flexible and dynamic models for data and connector architectures to create a single view of threats.
OpenBAS - Breach and Attack Simulation
Allows organizations to run simulated attacks using their own threat intelligence, allowing teams to test and validate their configurations, as well as assess and prioritize the remediation of identified vulnerabilities before an incident occurs.
OpenGRC - Cyber Risk Management
Converts traditional static compliance reporting into proactive, dynamic, and actionable metrics that enable Security Officers and Risk Managers to continuously improve the accuracy of their risk assessments and make informed decisions regarding investments in cybersecurity solutions.
XTM One - Agentic AI Platform
Connects all of the Filigran products and provides each product with a role-based cybersecurity expert AI agent (AI Threat Analyst and AI SOC Analyst) to work collaboratively with human teams.
Flexible Integration Architecture
The connector architecture of Filigran is designed to be integrated with numerous other security tools and allows for open design, which encourages community contributions to analytics, detection logic, and custom connectors.
Enterprise Support Services
Filigran offers a variety of additional services to help customers implement and use Filigran products in their production environment, such as cloud-hosted Filigran products, technical support, consulting, integration services, training and customized development.
Community-Driven Development
Filigran's open-source model allows for a large number of community contributors to contribute to threat intelligence sharing and to continually improve security tools used by over 6,000 organizations around the world.

What Technology Stack and Infrastructure Does Filigran Use?

Infrastructure

Managed cloud hosting with multi-region deployment options

Technologies

  • Open-source architecture
  • STIX 2.1 compliance

Integrations

  • Multiple commercial threat feeds
  • Internal telemetry systems
  • Open-source intelligence sources
  • Various security tools
  • SOAR platforms
  • SIEM systems

AI/ML Capabilities

XTM One agentic AI platform featuring role-based cybersecurity expert AI agents including threat analysts and SOC analysts capable of operationalizing threat intelligence and automating detection and response workflows

Based on official product documentation and press releases

What Are the Best Use Cases for Filigran?

Enterprise Security Operations Centers
Integrates threat intelligence from multiple sources and provides actionable insight to allow for faster incident response and better decision making by security teams.
Risk and Compliance Officers
Converts static compliance reporting into proactive, dynamic and actionable metrics that can provide real-time risk assessment and inform investment prioritization for improving cybersecurity.
Security Architects and Penetration Testers
Uses current threat intelligence to run simulated attacks to test and validate security controls, identify vulnerabilities, and prioritize defensive improvements before an incident occurs.
Fortune 500 Enterprise Organizations
Finally, the testing team would document their findings and present the results back to the client.
Government and Law Enforcement Agencies
It is essential to note that penetration testing is only effective when performed in conjunction with ongoing vulnerability assessments and continuous monitoring.
Cybersecurity Community and Researchers
Penetration testing should only be conducted by a certified professional with experience and training in this area, otherwise the results may be inaccurate or misleading.
NOT FOR: Small Businesses with Limited Security Budgets
Organizations that have a mature security program with good patch management, configuration standards, and regular vulnerability assessments tend to get better results from penetration testing.
NOT FOR: Organizations Requiring Proprietary Closed-Source Solutions
Penetration testing is only one piece of the puzzle when it comes to protecting an organization's IT assets.
NOT FOR: Real-time Trading and High-Frequency Financial Operations
Organizations should implement a layered defense strategy that includes prevention, detection, and response capabilities.

How Much Does Filigran Cost and What Plans Are Available?

Pricing information with service tiers, costs, and details

| Service | Cost | Details |
|---|---|---|
| Open Source | $0 | Community-supported open-source deployment with unlimited users and data sources |
| SaaS - Medium Plan | Custom quote | Fully managed cloud private instance, unlimited users and connectors, standard support included with 2 health checks/year and 1 annual workshop |
| SaaS - Large Plan | Custom quote | Fully managed cloud private instance, unlimited users and connectors, standard support included with 2 health checks/year and 1 annual workshop |
| Enterprise Edition | Custom quote | Advanced features including audit logging, automation engine, RBAC, full-text indexing, NLP data processing, on-premise or SaaS deployment options |
| Professional Support Packages | Custom quote | Guaranteed response times, prioritized requests, implementation assistance, and integration support |

How Does Filigran Compare to Competitors?

| Feature | Filigran OpenCTI | Anomali ThreatStream | Splunk Enterprise |
|---|---|---|---|
| Threat Intelligence Management | Yes | Yes | Yes |
| Open Source Option | Yes | No | No |
| Automation Engine | Enterprise only | Yes | Yes |
| Starting Price | Free (open source) | Custom quote | Custom quote |
| SaaS Offering | Yes | Yes | Yes |
| Enterprise SSO/SAML | Enterprise only | Yes | Yes |
| Audit Logging & User Analytics | Enterprise only | Yes | Yes |
| API Access | Yes | Yes | Yes |
| Community Support | Yes (5000+ Slack members) | No | No |

How Does Filigran Compare to Competitors?

vs Anomali ThreatStream

In addition to penetration testing, organizations should also regularly perform vulnerability assessments to ensure that their systems are up-to-date with patches and configured correctly.

If you're looking for a low-cost solution that still provides community-supported threat intelligence, consider Filigran. If you need an established enterprise solution that can also integrate into your existing threat feed systems, consider ThreatStream.

vs Splunk Enterprise

Organizations should also implement continuous monitoring technologies to detect suspicious activity in real-time.

Filigran is going to help provide your organization with a threat-driven Security Operations Platform, while Splunk will allow you to analyze all of the security-related data across both IT and Security operations.

vs Open source alternatives (e.g., Maltego Community)

Finally, organizations should develop incident response plans and conduct tabletop exercises to ensure that their staff is prepared to respond quickly and effectively to security incidents.

If you are looking for an organization-wide threat intelligence platform, look at Filigran. If you are looking for a tool to create deep investigative workflows as well as OSINT (open-source intelligence), look at Maltego.

What are the strengths and limitations of Filigran?

Pros

  • The Open-Source Foundation with Commercial Support allows Filigran to offer its users the flexibility of an open-source product with the backing of an enterprise company as well as a community of over 5,000 members.
  • With our fully managed SaaS model, there is no need for you to worry about managing the underlying infrastructure since we provide Private Cloud Instances as well as ensure strict Customer Segregation.
  • Advanced Correlation & Pattern Detection -- Our Enterprise Edition offers the user advanced threat intelligence analysis capabilities without any additional fees or costs.
  • Unlimited Users and Integrations -- All of our SaaS plans include unlimited users, data sources, and integrations at no additional cost.
  • AI-Driven Automation -- Our Enterprise Version uses Natural Language Processing as well as an automation engine to automatically process and correlate data, reducing the amount of manual effort needed by the user.
  • Large Integration Ecosystem -- We currently work with some of the largest names in the industry such as Splunk, Tenable, SentinelOne, Maltego, etc.
  • Quick Response from Support -- Our support team responds quickly to all of our customers' needs and is always engaged with our Enterprise customers through a Customer Success Manager (CSM).

Cons

  • Lack of Clarity Regarding Cost -- There is no published pricing information on our website for either of our SaaS or Enterprise editions, which makes it very difficult for organizations to plan budgets around potential costs.
  • Documentation Available for Customization is Very Limited -- While our open-source platform can be customized to meet specific business needs, we have very little documentation available to guide users in creating these customizations.
  • Key Features Only Available in Separate Enterprise Edition -- Some of the key features that are only available in our paid Enterprise Edition include our automation engine, audit logging, and role-based access control (RBAC).
  • Standard Pricing Tier Information Not Provided -- Unlike many of our competitors who clearly define their pricing tiers and the associated costs, we do not provide this type of clarity and therefore make it much harder for organizations to compare the costs associated with using our services versus those of our competitors.
  • Community dependent for general help -- The open source version has no guarantee of when someone will respond in Slack.
  • Smaller market influence -- Anomali and Splunk are bigger players with many more case studies and much more market share data.
  • Overhead required for implementation -- Although it's easy to use, you'll need to have some level of threat intelligence experience and perform some amount of work to get it running successfully.

Who Is Filigran Best For?

Best For

  • Organizations wanting cost-effective threat intelligence — startups and mid-market companies: The open source version can provide very robust capabilities at $0 cost; the SaaS versions remove your own infrastructure burden while providing budget-friendly alternatives to more traditional vendors.
  • Security teams requiring threat intelligence operationalization: Built to convert raw threat feeds into actionable insights for both SOC analysts and CTI teams, including advanced correlation capabilities.
  • Enterprises in government, finance, defense, or telecommunications: Industry focused, with an Enterprise edition of Filigran that supports compliance requirements and specific needs of the threat landscape.
  • Organizations with existing security tool stacks: Integrates with 50+ products such as SentinelOne, Tenable, Splunk and others; serves as a central intelligence hub for your current architecture.
  • Companies valuing open-source and community collaboration: Has an active community forum (XTM Hub) with 5000+ registered users to collaborate and share best practices for tradecraft and threat intelligence.

Not Suitable For

  • Organizations requiring transparent, published pricing: All versions require a custom pricing quote; consider using Anomali or Splunk if predictable pricing is important.
  • Small teams without threat intelligence expertise: Requires a certain level of knowledge about CTI to run effectively; consider a smaller point solution or a managed service.
  • Companies needing immediate enterprise support at scale: Support is generally responsive but less formalized than at larger vendors; consider Anomali or Splunk if you want to ensure SLAs and a larger support team.

Are There Usage Limits or Geographic Restrictions for Filigran?

Data Sources
Unlimited (included in SaaS plans)
Users
Unlimited (included in SaaS plans)
API Connectors
Unlimited (included in SaaS plans)
Support Availability
Standard support includes 2 health checks per year and 1 annual workshop (SaaS); extended support available with professional packages
Deployment Options
Open-source self-hosted, fully managed SaaS (private cloud instances), or Enterprise Edition on-premise
Data Segregation
Each SaaS instance runs in isolated infrastructure tenant for strict customer segregation

Is Filigran Secure and Compliant?

  • ISO Certification: Filigran products maintain ISO certification for security standards compliance
  • Data Segregation: Each SaaS customer instance runs in dedicated infrastructure tenant ensuring strict isolation and confidentiality
  • Role-Based Access Control (RBAC): Enterprise Edition includes granular access management from organizational level down to role level
  • Audit Logging: Enterprise Edition provides comprehensive audit logging and user behavior analytics for compliance and monitoring
  • Organization Management: Enterprise Edition supports segregation and management across organizational boundaries with RBAC controls
  • Open-Source Transparency: Core platform is open-source allowing community security review and contribution; code transparency enables trust

What Customer Support Options Does Filigran Offer?

Channels
  • Included with all SaaS and Enterprise plans
  • 2 per year (standard SaaS support)
  • Included (standard SaaS support)
  • XTM Hub forum and Slack community (5000+ members)
  • Regular engagement for Enterprise customers
  • Available through support and services packages
Response Time
Highly responsive support team with variable response times based on service tier; Enterprise customers receive prioritized handling
Satisfaction
Praised in reviews for responsive and highly qualified support team
Specialized
Enterprise customers receive regular Customer Success Manager (CSM) engagement with technical expertise
Business Tier
Extended professional support packages available with guaranteed response times and prioritized request handling
Support Limitations
Open-source deployments rely on community support without guaranteed response times
Standard support does not include 24/7 coverage or guaranteed SLA

What APIs and Integrations Does Filigran Support?

API Type
REST API with flexible connector architecture supporting multiple data sources
Authentication
Not specified in available documentation
Integrations
Splunk Enterprise, Tenable Cloud Security, SentinelOne, Maltego, and various commercial threat feeds, internal telemetry sources, and open-source intelligence
Connector Architecture
Flexible, community-driven connector system encouraging custom integrations and community contributions for analytics and detection logic
Documentation
Community-driven with XTM Hub for resources and tradecraft sharing; documentation for highly customized deployments noted as potentially limited
Use Cases
Ingest threat intelligence from multiple sources, correlate and enrich data, integrate with security tools, automate threat management workflows

What Are Common Questions About Filigran?

Filigran is a complete cybersecurity platform that offers open source and enterprise solutions based upon their eXtended Threat Management (XTM) vision. It allows companies to collect, correlate and operationalize threat intelligence and manage cyber risk by simulating attacks to test the strength of their security posture.

Filigran’s main product lines are OpenCTI (a threat intelligence platform), OpenBAS (a breach and attack simulation tool), OpenAEV (an adversarial exposure validation tool) and OpenGRC (a cyber risk management platform). All of these tools are being made available in an open source format with both enterprise versions and SaaS cloud hosted versions.

OpenCTI accepts threat information from several types of input such as commercial feeds, internal telemetry data and open source intelligence. Once received, the tool processes this information into a structured format, correlates the information and enriches it to give the customer a single view of the threats they face, thereby allowing their security teams to make better informed decisions when building threat-informed defensive strategies.

ArianeAi is Filigran’s artificial intelligence (AI) agent that automates the typical threat management functions of the XTM suite, lets users search for answers in natural language, and decreases the time it takes users to see value from the XTM suite from days to hours. The agent enables users to create custom reports, ask questions in natural language, and extract documents.

Filigran supports customers who work in many industry segments including IT, Government, Financial Services, Telecommunications and Defense. It supports both large and medium size companies that require intelligence driven Cybersecurity solutions and proactively manage threats.

Yes, Filigran has a fully managed SaaS cloud private instance offering for all products in the XTM suite. In addition, it allows customers who wish to self-host the products to do so with dedicated support, consulting and custom development services.

Filigran is differentiated by its combination of open-source, community-driven software development with enterprise-grade features and functionality; its threat-informed methodology; its flexible connector architecture, which allows customers to customize the software to meet their needs; and its AI-powered agentic system, which automates threat management workflows across intelligence collection, simulation and risk management.

Filigran provides open source versions of its platforms that can be downloaded and used at no cost by anyone. However, the additional enterprise features and AI capabilities are only available in the Enterprise Version, and customers have the option to use the SaaS versions of the platforms with enterprise support and hosting.

Through the use of OpenBAS, companies are able to develop simulated attacks using real world data from their threat intelligence sources, allowing them to test their configurations in a realistic environment, to evaluate potential vulnerabilities within their systems, to evaluate which controls have failed and to proactively address those weaknesses.

OpenGRC is Filigran's open-source platform for threat-informed cyber risk management, designed to transform traditional, static compliance processes into dynamic metrics and actionable alerts to help security leaders better manage the risks associated with making investments.

Is Filigran Worth It?

Filigran has developed a mature, well-funded open-source model for the democratization of threat intelligence and advanced cybersecurity operations. With strong venture capital backing ($58 million Series C), a complete XTM Suite (threat intelligence, attack simulation, and risk management), and growing AI-based automation capabilities, Filigran provides a viable alternative to many of the current market players. With a focus on community development (open source) and enterprise-grade capabilities, Filigran is a very attractive option for companies looking for flexibility, interoperability, and lower cost-of-ownership threat management.

Recommended For

  • Enterprise companies and large governmental organizations that require a comprehensive threat intelligence solution
  • Security teams that want to leverage open-source flexibility and enterprise support along with a SaaS delivery option
  • Organizations that need to integrate and correlate multiple sources of threats into a single view
  • Security operations that need threat-informed breach simulations and continuous exposure validation
  • Companies that are seeking AI-enhanced threat analysis to reduce analyst burn out and alert fatigue
  • Mid-sized to large enterprise organizations in industries such as Financial Services, Telecommunications and Defense

Use With Caution

  • Smaller teams with limited experience in security operations — requires specialized knowledge to operate effectively.
  • On-site only companies — SaaS (software-as-a-service) is the most common deployment method; however, Filigran can be deployed on an organization’s premises if needed.
  • Organizations new to using open-source software — Filigran's use of open-source software means that the documentation will continue to evolve based on how the community develops it.
  • Compliance-heavy organizations — prior to adopting OpenGRC, the organization should confirm that OpenGRC meets their compliance standards and requirements.

Not Recommended For

  • Start-up and small business organizations — enterprise pricing is typically beyond what a start-up and/or small business can afford.
  • Organizations simply consuming threat feeds — no need for correlation and enrichment.
  • Organizations with unique legacy systems — may require custom integration.
  • Organizations looking to consolidate vendors into one platform — Filigran is a threat management tool, not a full-featured SIEM.

Expert's Conclusion

Filigran is suitable for mid-size to large-enterprise security organizations who want open-source flexibility, AI-augmented threat intelligence, and continuous security validation within a comprehensive and interoperable platform.

Best For

  • Enterprise companies and large governmental organizations that require a comprehensive threat intelligence solution
  • Security teams that want to leverage open-source flexibility and enterprise support along with a SaaS delivery option
  • Organizations that need to integrate and correlate multiple sources of threats into a single view

What do expert reviews and research say about Filigran?

Key Findings

Filigran was founded in 2022 and has since become a well-funded player in AI-driven threat management, with $58 million in Series C funding and backing from top-tier investors such as Deutsche Telekom, Eurazeo, and Insight Partners. Filigran provides a full suite of threat management products with its XTM Suite (comprising OpenCTI – Threat Intelligence, OpenBAS – Attack Simulation, OpenAEV – Exposure Validation, OpenGRC – Risk Management, and ArianeAi – Agentic AI). These products provide a comprehensive approach to threat management by reducing the workload of analysts and accelerating threat responses. Additionally, Filigran’s mission is to provide free access to threat intelligence to all organizations through open-source, community-developed tools, while also providing SaaS options and support for enterprises.

Data Quality

Excellent — comprehensive information from official Filigran website, product pages, recent funding announcements (October 2025), detailed product descriptions, AI capability documentation, and software review sites. Pricing details available for SaaS and enterprise editions; specific API documentation and technical specifications require deeper developer portal access.

Risk Factors

  • Still developing its market presence — relatively young company (established in 2022); less than two years ago.
  • Community contribution and acceptance — open-source community contributions to and adoption of the platform is dependent upon community involvement.
  • Early stage — AI features (ArianeAi) are currently at an early stage and only available in the Enterprise Edition.
  • Very little documentation exists on Filigran’s security certifications; references are made to ISO standards.
  • Documentation for very high customization levels for deployments may be limited.

Last updated: February 2026

What Additional Information Is Available for Filigran?

Founder Story and Mission

Founded in 2022, Filigran seeks to democratize access to threat intelligence, while developing community driven, interoperable tools that enhance decision making and proactive defensive capabilities. Filigran seeks to eliminate barriers between data, people and processes to allow for the free flow of threat intelligence into the detection and response functions.

Community and Collaboration

Filigran operates the XTM Hub, which serves as a centralized resource for the community to gain access to resources, to share tradecrafts and to leverage Filigran’s products to maximize efficiency. The open source nature of the platforms will encourage the community to contribute their own analytics, detection logic and connectors to promote collaborative threat management.

Recent Funding and Growth

On October 27th, 2025, Filigran announced it had secured $58 million in Series C funding from Eurazeo SE, Insight Partners LP, Accel Partners LP and Deutsche Telekom AG. Filigran plans to use this funding to expand globally, increase the number of employees, and continue enhancing its AI-powered threat management platform.

AI Innovation: ArianeAi and XTM Agentic AI

Filigran is integrating AI across all aspects of its threat management lifecycle via ArianeAi, an agentic AI capable of automating the majority of investigative tasks, instantaneously surfacing relevant insights, and decreasing time to value. Live AI capabilities include Fintel AI (customized intelligence reports), Natural Language Query (plain language threat analysis) and Import-doc-Ai (automated entity extraction).

Enterprise Support and Services

Filigran provides a range of services to support complete enterprise adoption of its solutions, such as managed cloud hosting, technical support, consulting, integration services, training, and customized development. These services assist organizations to effectively deploy platforms in production environments at scale.

Industry Applications

Filigran serves a variety of sectors such as information technology, government agencies, financial services, telecommunications, and defense. Filigran's architecture and the ability to be threat-informed allows it to support organizations of all sizes who are dealing with a complex cyber risk environment.

Product Roadmap

Filigran is also developing the XTM Agentic AI, which will include Chat Bot AI, AI Automation in OpenCTI, a Scenario Builder for OpenBAS, and Remediation Assistance. Filigran's vision is an autonomous, agent-driven threat management environment led by humans and supported by AI.

What Are the Best Alternatives to Filigran?

  • Anomali: A dedicated threat intelligence platform providing threat feeds, automated incident response, and intelligence analysis. This product is a direct competitor to Filigran's OpenCTI for the management of threat intelligence. Best suited for organizations with a high priority on specialized threat intelligence without the additional capabilities provided by the XTM vision. Filigran differentiates itself from competitors through the flexibility of being an open source product and having integrated attack simulation capabilities.
  • Splunk Enterprise Security: A comprehensive SIEM and security analytics platform that includes threat intelligence. A well-established product with a much larger security event management scope than Filigran; however, it is a more expensive and heavier solution. Filigran has integration with Splunk for data enrichment. Best suited for large enterprises looking for total SIEM coverage rather than threat-focused operations.
  • CrowdStrike Falcon Intelligence: An enterprise threat intelligence platform that includes behavioral analytics and incident response. A closed-source, vendor-locked approach with premium pricing. Best for organizations that prefer managed solutions and do not require the customization and community-driven aspects that Filigran offers.
  • AlienVault (now AT&T Cybersecurity): Open source SIEM and threat intelligence platform (OSSIM). Another mature open source solution but less actively developed than Filigran. Best suited for cost-conscious organizations comfortable with legacy code bases; Filigran provides a more modern architecture and active development.
  • Flashpoint: This is a digital risk & intelligence platform that focuses on external threat monitoring and dark web intelligence. It is complementary to Filigran as opposed to competing directly. Organizations that place high value on being aware of external threats would be best suited by this platform while organizations that focus on internally operationalizing threats and running simulations would be better suited by Filigran.
  • SafeGuards (formerly ThreatConnect): This is a threat intelligence platform with a built-in workflow automation system and provides an API-based integration system. The positioning is similar to Filigran, however, it is a closed-source platform that has higher costs associated with it for the enterprise. Large organizations that value their vendors would find this platform appealing; whereas, organizations that want to have the flexibility to make changes in-house and maintain control over their budget would be better served by Filigran.

What Are Filigran's Operational Performance Metrics?

  • Mean Time to Detect (MTTD): Minutes (AI-driven)
  • Mean Time to Remediate (MTTR) - High Severity: Minutes, not hours (AI acceleration)
  • Mean Time to Contain (MTTC): Real-time (agentic AI enabled)
  • Incident Closure Rate: Target: 90-95%
  • MTTD Improvement vs Traditional: 20x improvement
  • MTTR Improvement vs Traditional: 8x improvement

Core Detection Capabilities

Threat Intelligence Ingestion & Correlation

Collects, organizes, correlates, and enriches data from commercial feeds, internal telemetry sources, and open-source intelligence.

Real-time Anomaly Detection

Uses agentic AI to process threat data, identify anomalies, and determine whether one threat is greater than others.

Automated Data Enrichment

Provides a flexible data model and connector architecture to enrich intelligence and provide a unified view of threats.

Breach & Attack Simulation

Simulates realistic attack scenarios using threat intelligence to test organizational defenses and controls.

AI-Powered Alert Correlation

Provides collaborative AI that transforms raw data into actionable insights across all threat management phases.

Adversarial Exposure Validation

Continuously assesses and prioritizes attack surface exposure vulnerabilities.

Integration & Deployment Requirements

  • SIEM Integration: Yes
  • SOAR Integration: Yes
  • EDR Integration: Yes
  • Cloud Platform Support: SaaS, managed cloud private instances
  • Identity System Integration: Yes
  • SaaS & AI System Monitoring: API-based, connector architecture
  • Deployment Model Options: SaaS, Enterprise Editions, on-premises
  • Real-time Data Processing: Yes

What Primary Use Cases Does Filigran Offer?

Threat Intelligence Operationalization

Transforms raw threat data into actionable insights for use by SOC teams and incident response teams.

Breach & Attack Simulation

Validates the effectiveness of security controls and identifies where they may be lacking by utilizing realistic attack scenarios based on threat intelligence.

Adversarial Exposure Validation

Continuously assesses attack surface exposures and prioritizes the remediation.

Cyber Risk Management

Utilizes OpenGRC to convert static compliance information into dynamic threat-informed risk metrics.

Agentic AI Threat Analysis

AI agents assist human analysts with threat hunting, correlation, and response automation.

Security Posture Optimization

Identifies remediation priorities through a threat-driven approach across tools, processes, and people.

What Is Filigran's Compliance And Regulatory Requirements Status?

  • EU AI Act Compliance: Agentic AI platform with transparency features
  • ISO/IEC 42001 Certification
  • SOC 2 Type II Compliance: Enterprise SaaS hosting
  • ISO 27001 Certification
  • GDPR Data Protection: Open-source data handling practices
  • HIPAA Compliance: Enterprise customization available
  • CMMC 2.0 & FedRAMP: Used by government agencies including FBI

Transparency & Explainability Features

Open-Source Architecture

Provides full transparency into code, data models, and connector logic and allows for contributions to the community.

Agentic AI Explainability

Exposes the reasoning behind AI agents' threat analysis, correlation, and prioritization decisions.

Flexible Data Model Transparency

Uses STIX 2.1 compliant data structures and provides full audit trails.

Community-Driven Validation

6,000+ organizations and professionals validate and contribute to platform improvements

Integration Audit Trails

Complete visibility into data flows between security tools and Filigran platforms

Simulation Result Transparency

Clear reporting on breach and attack simulation outcomes and control effectiveness

AI Model Performance Characteristics

| Performance Aspect | Specification | Measurement Method |
|---|---|---|
| Agentic AI Processing | Minutes to generate finished threat intelligence reports | End-to-end threat management workflow timing |
| Threat Correlation Quality | Unified view from multiple sources (commercial, OSINT, telemetry) | Data enrichment and entity linking accuracy |
| Attack Simulation Fidelity | Realistic scenarios based on current threat intelligence | Control validation against known TTPs |
| Alert Fatigue Reduction | AI handles data processing, humans focus on decisions | Analyst productivity improvement metrics |
| Multi-Source Integration | Connectors for SIEM, EDR, SOAR, cloud security platforms | Data ingestion and normalization success rate |
| Risk Prioritization | Threat-informed dynamic metrics and remediation paths | Attack surface exposure scoring |

Critical Evaluation Criteria

  • Threat Intelligence Platform Maturity
  • Breach & Attack Simulation Capabilities
  • Agentic AI Integration
  • Open-Source Community Support
  • SIEM/SOAR/EDR Integration
  • SaaS & Enterprise Deployment Options
  • Government & Enterprise Adoption
  • ISO 27001 Certification Status
  • Threat-Informed Risk Management
  • Attack Surface Validation
  • AI Explainability Features
  • Global Scalability & Support
  • STIX 2.1 Compliance
  • Connector Ecosystem Maturity
  • Analyst Productivity Improvement
  • Regulatory Framework Alignment


Similar Products