The ANY.RUN Threat Intelligence feeds provide malicious IPs, URLs, and domains.
This threat data is collected and pre-processed from analysis sessions created by our community of 400,000 researchers, who analyze real malware samples in the ANY.RUN sandbox environment.
About ANY.RUN TI Feeds
Feeds extend the threat coverage of your SIEM and TIP systems. They provide IOCs of recently seen malware so you can proactively prepare to defend against new threats discovered by other researchers.
This may sound complicated, but feeds are actually one of the easier security products to use. They are practically a plug-and-play solution (as long as your team is already using a SIEM or TIP system).
(Read about common use cases for Threat Intelligence Feeds)
How to integrate ANY.RUN TI Feeds
Setting up an integration with ANY.RUN threat intelligence feeds is easy. We have a free sample feed so you can test the connection and understand our data structure.
Before you start, you need:
- For ANY.RUN: an account registered with a custom domain email.
- For your SIEM/TIP system: an account with the admin role.
Here are the steps to set up the integration:
1. First, go to the feeds dashboard in the ANY.RUN Threat Intelligence app. You can get there by clicking this link.
2. Choose which indicators to receive by checking the boxes — URLs, Domains, IPs or any combination of them.
3. Copy the URL and paste it into the threat intelligence feeds section of your SIEM or TIP system. This step depends on your vendor, but generally search for “threat intelligence feeds” and find an input for URL or source.
You can also download a STIX data sample by clicking the Get Demo button.
4. Copy the API key and paste it into the API field in the same SIEM/TIP section where you provided the feeds URL.
That’s it! You are now receiving threat data from ANY.RUN!
If you follow the demo steps, you receive sample data from the past that has the real feed structure.
To learn more about ANY.RUN Threat Intelligence Feeds or make a purchase, contact our sales team.
Which vendors can integrate with ANY.RUN?
Our threat intelligence feeds share data in the standardized STIX format. This means that you can practically integrate ANY.RUN feeds with any vendor, including popular platforms like OpenCTI and ThreatConnect.
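As an added example (not ANY.RUN's code): a small Python parser that pulls IPs, domains and URLs out of a STIX bundle and validates them before they go into a blocklist or SIEM lookup table. It assumes STIX 2.1 indicator objects with single-comparison patterns; the page does not show the feed's actual layout, so the bundle below is constructed and the function names are hypothetical.

```python
import ipaddress
import json
import re

# One comparison on one observable, e.g. [ipv4-addr:value = '198.51.100.7'].
# Compound patterns and values with escaped quotes do not match and are skipped.
SIMPLE = re.compile(
    r"^\[\s*(ipv4-addr|ipv6-addr|domain-name|url):value\s*=\s*'([^'\\]+)'\s*\]$")
KIND = {"ipv4-addr": "ip", "ipv6-addr": "ip", "domain-name": "domain", "url": "url"}

def extract_indicators(bundle_text):
    """Return (dict of 'ip'/'domain'/'url' -> set of values, ids of skipped indicators)."""
    bundle = json.loads(bundle_text)
    if bundle.get("type") != "bundle":
        raise ValueError("not a STIX bundle")
    found = {"ip": set(), "domain": set(), "url": set()}
    skipped = []
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator":
            continue  # identities, relationships, etc. are not blocklist entries
        match = SIMPLE.match(obj.get("pattern", "").strip())
        if obj.get("revoked") or not match:
            skipped.append(obj.get("id"))  # keep for manual review, do not load
            continue
        kind, value = KIND[match.group(1)], match.group(2)
        if kind == "ip":
            try:
                value = str(ipaddress.ip_address(value))  # reject malformed addresses
            except ValueError:
                skipped.append(obj.get("id"))
                continue
        elif kind == "domain":
            value = value.lower().rstrip(".")  # normalise case and trailing dot
        found[kind].add(value)
    return found, skipped

def _ind(n, pattern, **extra):  # builds one constructed indicator object
    return {"type": "indicator", "pattern_type": "stix", "pattern": pattern,
            "id": f"indicator--00000000-0000-4000-8000-{n:012d}", **extra}

# Constructed sample bundle (documentation-range addresses, example domains).
SAMPLE_BUNDLE = json.dumps({"type": "bundle", "objects": [
    {"type": "identity", "id": "identity--constructed", "name": "constructed"},
    _ind(1, "[ipv4-addr:value = '198.51.100.7']"),
    _ind(2, "[domain-name:value = 'Example.COM.']"),
    _ind(3, "[url:value = 'http://example.net/login']"),
    _ind(4, "[ipv4-addr:value = '203.0.113.300']"),          # malformed address
    _ind(5, "[domain-name:value = 'example.org']", revoked=True),
    _ind(6, "[url:value = 'http://a.example/' OR url:value = 'http://b.example/']"),
]})
```

The skipped list matters as much as the extracted sets: malformed, revoked or compound indicators should be reviewed rather than silently loaded or dropped.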
About ANY.RUN
ANY.RUN helps more than 400,000 cybersecurity professionals worldwide. Our interactive sandbox simplifies malware analysis of threats that target both Windows and Linux systems. Our threat intelligence products, TI Lookup, Yara Search, and Feeds, help you find IOCs or files to learn more about the threats and respond to incidents faster.
Advantages of ANY.RUN
ANY.RUN helps you analyze threats faster while improving detection rates. The platform detects common malware families with YARA and Suricata rules and identifies malware behavior with signatures when detection by family is not possible.
With ANY.RUN you can:
- Detect malware in under 40s.
- Interact with samples in real time.
- Save time and money on sandbox setup and maintenance.
- Record and study all aspects of malware behavior.
- Collaborate with your team.
- Scale as you need.