diff --git a/packages/ti_anomali/_dev/build/docs/README.md b/packages/ti_anomali/_dev/build/docs/README.md
index 64a890a44b7..18ab4fdc5c0 100644
--- a/packages/ti_anomali/_dev/build/docs/README.md
+++ b/packages/ti_anomali/_dev/build/docs/README.md
@@ -7,6 +7,8 @@ It has the following data streams:
 - **`intelligence`** Indicators retrieved from the Anomali ThreatStream API's intelligence endpoint.
 - **`threatstream`** Indicators received from the Anomali ThreatStream Elastic Extension, which is additional software. This is deprecated.
+If you run in the cloud (Cloud Hosted of Serverless), this integration is available [agentless](https://www.elastic.co/guide/en/serverless/current/security-agentless-integrations.html) from cluster version 8.17 onward - if this criteria is met, you don't need to install an Elastic Agent to gather these metrics.
+
 ## Logs
 ### Expiration of Indicators of Compromise (IOCs)
diff --git a/packages/ti_anomali/changelog.yml b/packages/ti_anomali/changelog.yml
index c972210c254..3f56349ea93 100644
--- a/packages/ti_anomali/changelog.yml
+++ b/packages/ti_anomali/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.1.0"
+ changes:
+ - description: Added Agentless deployment mode
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/14547
 - version: "2.0.0"
 changes:
 - description: Modify field type to eliminate field conflicts within the data streams.
diff --git a/packages/ti_anomali/docs/README.md b/packages/ti_anomali/docs/README.md
index 4a145656eb9..e828b655834 100644
--- a/packages/ti_anomali/docs/README.md
+++ b/packages/ti_anomali/docs/README.md
@@ -7,6 +7,8 @@ It has the following data streams:
 - **`intelligence`** Indicators retrieved from the Anomali ThreatStream API's intelligence endpoint.
 - **`threatstream`** Indicators received from the Anomali ThreatStream Elastic Extension, which is additional software. This is deprecated.
+If you run in the cloud (Cloud Hosted of Serverless), this integration is available [agentless](https://www.elastic.co/guide/en/serverless/current/security-agentless-integrations.html) from cluster version 8.17 onward - if this criteria is met, you don't need to install an Elastic Agent to gather these metrics.
+
 ## Logs
 ### Expiration of Indicators of Compromise (IOCs)
diff --git a/packages/ti_anomali/manifest.yml b/packages/ti_anomali/manifest.yml
index 2fc18d10570..7da83692524 100644
--- a/packages/ti_anomali/manifest.yml
+++ b/packages/ti_anomali/manifest.yml
@@ -1,6 +1,6 @@
 name: ti_anomali
 title: Anomali
-version: "2.0.0"
+version: "2.1.0"
 description: Ingest threat intelligence indicators from Anomali with Elastic Agent.
 type: integration
 format_version: 3.0.2
@@ -38,6 +38,15 @@ policy_templates:
 - name: ti_anomali
 title: Anomali
 description: Ingest threat intelligence indicators from Anomali with Elastic Agent.
+ deployment_modes:
+ default:
+ enabled: true
+ agentless:
+ enabled: true
+ is_default: true
+ organization: elastic
+ division: field
+ team: csg
 inputs:
 - type: cel
 title: "Anomali ThreatStream API"
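Review bot: The `is_default: true` line under `agentless` (second manifest.yml hunk) carries no comment on what a preselected agentless mode changes for the ThreatStream API credentials and traffic. In that mode the CEL input presumably runs on Elastic-managed infrastructure, so the credentials are used there and requests reach Anomali from Elastic's egress addresses rather than the customer's network, which matters if the ThreatStream account restricts API access by source IP. I would add a comment above the key, `# agentless is preselected where available: API credentials are used from Elastic-managed infrastructure`, and reword both description lines to `description: Ingest threat intelligence indicators from Anomali.`, since they still say "with Elastic Agent". The inputs list continues outside the hunk; any input there that listens for inbound connections (the README still lists the deprecated `threatstream` stream) should be confirmed as not offered in agentless mode.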