HomeCybersecurity Lifehacks
Easily Integrate ANY.RUN Threat Intelligence Feeds Into Your Security Platform 
HomeCybersecurity Lifehacks
Easily Integrate ANY.RUN Threat Intelligence Feeds Into Your Security Platform 

The ANY.RUN Threat Intelligence feeds provide malicious IPs, URLs, and domains.  

This threat data is collected and pre-processed from analysis sessions created by our community of 400,000 researchers, who analyze real malware samples in the ANY.RUN sandbox environment. 

About ANY.RUN TI Feeds 

Feeds extend the threat coverage of your SIEM and TIP systems. They provide IOCs of recently seen malware so you can proactively prepare to defend against new threats discovered by other researchers. 

This may sound complicated, but feeds are actually one of the easier security products to use. It’s practically a plug and play solution (as long as your team is already using a SIEM or TIP system). 

(Read about common use cases for Threat Intelligence Feeds

How to integrate ANY.RUN TI Feeds 

It is easy to create integration with ANY.RUN threat intelligence feeds. We have a free sample feed so you can test the connection and understand our data structure. 

For ANY.RUN  Have an account registered with a custom domain email 
For your SIEM/TIP system  Have an account with admin role 

Here are the steps to set up the integration: 

Setting up TI Feeds is simple

1. First, go to the feeds dashboard in the ANY.RUN Threat Intelligence app. You can get there by clicking this link

Try a free demo of ANY.RUN Threat Intelligence Feeds 

Get a free demo
Select the types of feeds you want by checking the boxes

2. Choose which indicators to receive by checking the boxes — URLs, Domains, IPs or any combination of them. 

Copy the feeds URL and add it as a source in your SIEM or TIP system

3. Copy the URL and paste it into the threat intelligence feeds section of your SIEM or TIP system. This step depends on your vendor, but generally search for “threat intelligence feeds” and find an input for URL or source. 

You can also download a STIX data sample by clicking Get Demo button. 

Get the API key from Threat Intelligence Feeds dashboard

4. Copy the API key and paste it into the API field in the same SIEM/TIP section where you provided the feeds URL. 

That’s it! You are now receiving threat data from ANY.RUN! 

If following demo steps, you get sample data with real structure from the past. 

To learn more about ANY.RUN Threat Intelligence Feeds or make a purchase, contact our sales team: 

Inquire about ANY.RUN TI Feeds 

Contact Sales

Which vendors can integrate with ANY.RUN? 

Our threat intelligence feeds share data in the standardized STIX format. This means that you can practically integrate ANY.RUN feeds with any vendor, including popular platforms like OpenCTI and ThreatConnect. 

About ANY.RUN  

ANY.RUN helps more than 400,000 cybersecurity professionals worldwide. Our interactive sandbox simplifies malware analysis of threats that target both Windows and Linux systems. Our threat intelligence products, TI Lookup, Yara Search, and Feeds, help you find IOCs or files to learn more about the threats and respond to incidents faster.  

Advantages of ANY.RUN  

ANY.RUN helps you analyze threats faster while improving detection rates. The platform detects common malware families with YARA and Suricata rules and identifies malware behavior with signatures when detection by family is not possible. 

With ANY.RUN you can: 

  • Detect malware in under 40s. 
  • Interact with samples in real time. 
  • Save time and money on sandbox setup and maintenance.
  • Record and study all aspects of malware behavior. 
  • Collaborate with your team.
  • Scale as you need. 

Try the full power of ANY.RUN for free 

Request free trial → 

What do you think about this post?

0 answers

  • Awful
  • Average
  • Great

No votes so far! Be the first to rate this post.