A subset of our alliance members - currently surpassing 290 members worldwide.
Compatible and integrated with the following architectures and 166 more!
Real-time threat data collected from alliance members across Top 12 countries — continuously enriching the Alliance IoC feed
● LIVE — Intelligence nodes actively contributing IoCs to the Alliance feed
An integrated suite of cybersecurity products — all powered by our Alliance Threat Intelligence
Allianc-sourced threat intelligence covering IP addresses, domains, URLs, and malware. Real-time feeds for comprehensive threat coverage.
Actionable Cyber Threat Intelligence & IoC Feeds →
One-Click integration for automated threat blocking across IPS, XDR, firewalls, WAFs, and routers.
View Plugin Integrations →
IPS Appliance available in two versions: parallel with pfSense or standalone in-series.
OneDevice Appliance →
Web Application Firewall (WAF) for protecting web applications against common Web attacks.
WAF Documentation →
DNS service powered by Alliance Threat Intelligence to prevent resolution of malicious domains and block risky IPs.
Secure DNS Documentation →
Mobile App with local VPN self-routing to prevent malicious inbound and outbound traffic.
OFA Mobile →
Dedicated VPN for workplace environments, fully integrated with the threat intelligence alliance.
closedvpn.io →
Firewall for AI public services, enabling safe and secure AI usage while preventing data leakage.
onefirewall.ai →
Offensive security platform for DAST, dark web scanning, and penetration testing.
vulnix0.com →
Secure Owned Communication (SOC) platform for protecting sensitive data in transit and at rest.
SOC Documentation →
Comprehensive security platform developed in partnership with AquilaX LTD in UK.
aquilax.ai →Crowd-sourced threat intelligence covering IPs, domains, URLs, and malware. Over 210 alliance members sharing vetted intelligence.
Real-time synchronization with IPS, XDR, firewalls, WAFs, and routers for automated threat blocking.
Self-routing local VPN application protecting devices from malicious inbound and outbound traffic.
Workplace-dedicated VPN and secure DNS services powered by alliance threat intelligence.
Specialized firewall for AI public services preventing data leakage while enabling safe AI usage.
Comprehensive DAST, dark web scanning, and penetration testing to validate defensive posture.
Quick answers to the most common questions — view the full FAQ page for 30+ topics.
OneFirewall Alliance is a UK-based cybersecurity company headquartered in London. It operates a crowd-sourced Cyber Threat Intelligence (CTI) platform built on an alliance of 290+ organisations worldwide. Member organisations share vetted threat indicators — malicious IPs, domains, URLs, and malware signatures — consolidated, enriched, and distributed in real time as actionable feeds for automated firewall blocking.
Intelligence is updated in real time. New indicators submitted by alliance members are validated and distributed to all connected members within <200ms sync latency. The WCF Agent on your firewall pulls updated block-lists continuously — no manual intervention or scheduled batch imports needed.
The Crime Score is a proprietary risk value from 0 to 1000 assigned to every threat indicator. It combines alliance sighting frequency, historical behaviour, sector targeting profile, MITRE ATT&CK technique severity, and community confidence weighting. A score of 700+ is generally considered high-confidence for automated blocking — with thresholds configurable per environment.
The WCF Agent supports 166+ security platforms including Check Point, Fortinet FortiGate, Forcepoint NGFW, Cisco, Palo Alto Networks, pfSense, OPNsense, Juniper SRX, Sophos, and many more — plus XDR platforms and WAF solutions. The full compatibility list is at docs.onefirewall.com.
Yes. The OneFirewall CTI API returns indicators in STIX 2.1 format and is compatible with TAXII 2.1. You can connect directly to Splunk, Microsoft Sentinel, IBM QRadar, or any STIX/TAXII-capable SIEM or SOAR without writing custom parsers.
Yes. OneFirewall offers a Proof of Value (PoV) programme — connect to the live intelligence feed and measure its impact on your existing infrastructure before committing to membership. Contact the team to arrange yours.
Real-world cyber attack coverage from the past 24 hours — view all news →
OpenAI has introduced a new safety architecture for the GPT-5.6 family to mitigate risks associated with its flagship Sol model. The system utilizes activation classifiers that monitor generations in ...
Read more →