What is the Crime Score and how is it calculated?

The Crime Score is a proprietary risk value ranging from 0 to 1000 assigned to every threat indicator. It combines the number and recency of alliance sightings, historical behaviour and repeat offence patterns, sector targeting profile, associated MITRE ATT&CK technique severity, and community confidence weighting from member contributions. A score of 700 or above is generally considered high-confidence for automated blocking.

Does the CTI feed support STIX and TAXII?

Yes. The OneFirewall CTI API returns indicators in STIX 2.1 format and is compatible with TAXII 2.1 for SIEM and SOAR platform ingestion. You can connect the feeds directly to Splunk, Microsoft Sentinel, IBM QRadar, or any other system that consumes STIX/TAXII without writing custom parsers.

How is OneFirewall priced?

OneFirewall uses device-based pricing — you pay per protected device or firewall node, not per traffic volume or number of alerts generated. This keeps costs predictable regardless of attack scale. Contact the team for a tailored quote based on your number of protected devices and required intelligence tiers.

Is there a free trial or Proof of Value available?

Yes. OneFirewall offers a Proof of Value (PoV) programme that allows organisations to connect to the live intelligence feed and measure its impact on their existing infrastructure before committing to a membership. Contact the team at onefirewall.com/contact.html to arrange a PoV.

Is OneFirewall GDPR compliant and Cyber Essentials certified?

Yes. OneFirewall Alliance LTD operates in compliance with UK GDPR and the Data Protection Act 2018. The platform processes only threat indicators (IP addresses, domains, URLs, and file hashes) — not personal data. The company is also Cyber Essentials Certified and recognised as one of the top 27 funded cybersecurity startups in the UK.

Actionable Cyber Threat Intelligence for real-time protection

Cyber criminals from around the world are grouping in associations to be more effective on their attacks, while 98% of organizations defend themselves alone!. Join OneFirewall Alliance Today for instant protection with a united CTI

Become a Member Proof of Value

OneFirewall Alliance - Global Threat Intelligence Network

Trusted by Global Organizations

A subset of our alliance members - currently surpassing 180 members worldwide.

Compatible and integrated with the following architectures and 166 more!

Alliance Members {contributors}

Real-time threat data collected from alliance members across Top 12 countries — continuously enriching the Alliance IoC feed

● LIVE — Intelligence nodes actively contributing IoCs to the Alliance feed

Product Ecosystem

An integrated suite of cybersecurity products — all powered by our Alliance Threat Intelligence

INTELLIGENCE CORE

FOUNDATION

Cyber Threat Intelligence (CTI)

Allianc-sourced threat intelligence covering IP addresses, domains, URLs, and malware. Real-time feeds for comprehensive threat coverage.

Actionable Cyber Threat Intelligence & IoC Feeds →

180+Alliance Members

Real-TimeThreat Feeds

GlobalCoverage

Network Security (IPS)

Automated Prevention

Seamless integration for automated threat blocking across IPS, XDR, firewalls, WAFs, and routers.

View Plugin Integrations →

OneDevice Firewall

IPS Appliance available in two versions: parallel with pfSense or standalone in-series.

OneDevice Appliance →

WAF

Web Application Firewall (WAF) for protecting web applications against common Web attacks.

WAF Documentation →

Secure DNS

DNS service powered by Alliance Threat Intelligence to prevent resolution of malicious domains and block risky IPs.

Secure DNS Documentation →

Endpoint & Access Protection

Mobile Protection

Mobile App with local VPN self-routing to prevent malicious inbound and outbound traffic.

OFA Mobile →

Private VPN

Dedicated VPN for workplace environments, fully integrated with the threat intelligence alliance.

closedvpn.io →

AI Gateway

Firewall for AI public services, enabling safe and secure AI usage while preventing data leakage.

onefirewall.ai →

In-Depth Security

Active Scan

Offensive security platform for DAST, dark web scanning, and penetration testing.

vulnix0.com →

Secure Channel

Secure Owned Communication (SOC) platform for protecting sensitive data in transit and at rest.

SOC Documentation →

Software Security

Comprehensive security platform developed in partnership with AquilaX LTD in UK.

aquilax.ai →

What We Do

Threat Intelligence Alliance

Crowd-sourced threat intelligence covering IPs, domains, URLs, and malware. Over 180 alliance members sharing vetted intelligence.

Automated Prevention

Real-time synchronization with IPS, XDR, firewalls, WAFs, and routers for automated threat blocking.

Mobile & Endpoint Protection

Self-routing local VPN application protecting devices from malicious inbound and outbound traffic.

Enterprise VPN & DNS

Workplace-dedicated VPN and secure DNS services powered by alliance threat intelligence.

AI Gateway Security

Specialized firewall for AI public services preventing data leakage while enabling safe AI usage.

Offensive Security

Comprehensive DAST, dark web scanning, and penetration testing to validate defensive posture.

Why OneFirewall

Real-time threat, IoC and CTI blocking

Unified intelligence layer

Seamless IPS integration (WCF Agent)

Device-based pricing (not traffic-based)

Centralized management

Reduced security tool sprawl

Faster incident response

Enterprise-grade scalability

Architecture Overview

Intelligence Ingestion

Threat Validation

Enrichment Layer

Distribution Engine

IPS Synchronization

Real-Time Prevention

Frequently Asked Questions

Quick answers to the most common questions — view the full FAQ page for 30+ topics.

What is OneFirewall Alliance?

OneFirewall Alliance is a UK-based cybersecurity company headquartered in London. It operates a crowd-sourced Cyber Threat Intelligence (CTI) platform built on an alliance of 180+ organisations worldwide. Member organisations share vetted threat indicators — malicious IPs, domains, URLs, and malware signatures — consolidated, enriched, and distributed in real time as actionable feeds for automated firewall blocking.

How often is the threat intelligence updated?

Intelligence is updated in real time. New indicators submitted by alliance members are validated and distributed to all connected members within <200ms sync latency. The WCF Agent on your firewall pulls updated block-lists continuously — no manual intervention or scheduled batch imports needed.

What is the Crime Score?

The Crime Score is a proprietary risk value from 0 to 1000 assigned to every threat indicator. It combines alliance sighting frequency, historical behaviour, sector targeting profile, MITRE ATT&CK technique severity, and community confidence weighting. A score of 700+ is generally considered high-confidence for automated blocking — with thresholds configurable per environment.

Which firewalls and platforms does OneFirewall integrate with?

The WCF Agent supports 166+ security platforms including Check Point, Fortinet FortiGate, Forcepoint NGFW, Cisco, Palo Alto Networks, pfSense, OPNsense, Juniper SRX, Sophos, and many more — plus XDR platforms and WAF solutions. The full compatibility list is at docs.onefirewall.com.

Does the CTI feed support STIX / TAXII?

Yes. The OneFirewall CTI API returns indicators in STIX 2.1 format and is compatible with TAXII 2.1. You can connect directly to Splunk, Microsoft Sentinel, IBM QRadar, or any STIX/TAXII-capable SIEM or SOAR without writing custom parsers.

Is there a free trial or Proof of Value?

Yes. OneFirewall offers a Proof of Value (PoV) programme — connect to the live intelligence feed and measure its impact on your existing infrastructure before committing to membership. Contact the team to arrange yours.

View all 30+ FAQs →

See OneFirewall in Action

Watch OneFirewall Alliance in action – click to play