{"id":13818,"date":"2025-05-21T10:57:33","date_gmt":"2025-05-21T10:57:33","guid":{"rendered":"\/cybersecurity-blog\/?p=13818"},"modified":"2025-09-22T05:26:32","modified_gmt":"2025-09-22T05:26:32","slug":"reduce-mttd-with-ti-feeds","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/reduce-mttd-with-ti-feeds\/","title":{"rendered":"How SOC Teams Improve Mean Time to Detect and Other\u00a0KPIs with Threat Intelligence Feeds"},"content":{"rendered":"\n<p><a href=\"https:\/\/any.run\/cybersecurity-blog\/sandbox-for-every-tier\/\" target=\"_blank\" rel=\"noreferrer noopener\">Security Operations Centers<\/a> (SOCs) are under constant pressure to detect threats faster, respond more effectively, and reduce operational noise. Metrics like Mean Time to Detect (MTTD), <a href=\"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-feeds-in-incident-response\/\" target=\"_blank\" rel=\"noreferrer noopener\">Mean Time to Respond<\/a> (MTTR), False Positive Rate (FPR), and True Positive Rate (TPR) are more than just numbers \u2014 they define the health and impact of a business\u2019s security posture.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/cybersecurity-blog\/ti-feeds-integration\/\" target=\"_blank\" rel=\"noreferrer noopener\">Threat intelligence feeds<\/a> \u2014 curated, real-time data streams about emerging threats, vulnerabilities, and attacker tactics \u2014 play a pivotal role in optimizing these metrics and, with them, SOC performance. By integrating high-quality solutions, like <a href=\"https:\/\/intelligence.any.run\/feeds\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=ti_feeds_better_kpis&amp;utm_term=210525&amp;utm_content=linktotifeeds\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN\u2019s TI Feeds<\/a>, teams can improve efficiency, accuracy, and proactive defense.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">1. 
Reducing Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR)&nbsp;<\/h2>\n\n\n\n<p>MTTD measures the average time taken to identify a security incident. Threat intelligence feeds provide real-time <a href=\"https:\/\/any.run\/cybersecurity-blog\/iocs-iobs-ioas-explained\/\" target=\"_blank\" rel=\"noreferrer noopener\">indicators of compromise<\/a> (IOCs) such as malicious IP addresses, domains, or file hashes. By correlating these IOCs with network and endpoint data, SOCs can detect threats faster. Tools like SIEMs and EDRs use feeds to match artifacts against known malicious signatures in real time.&nbsp;<\/p>\n\n\n\n<p>MTTR tracks the time from detection to containment or resolution. Threat intelligence feeds enhance response by enabling automation and faster decision-making.&nbsp;<\/p>\n\n\n\n<p>As a result, known threats get detected immediately, not after hours of investigation, and analysts get context-rich alerts (e.g., malware family, <a href=\"https:\/\/any.run\/cybersecurity-blog\/mitre-ttps-in-ti-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">MITRE technique<\/a>), speeding up triage.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/threat-intelligence-feeds\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=ti_feeds_better_kpis&amp;utm_term=210525&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN\u2019s Threat Intelligence Feeds<\/a> contain IOCs from real-world attack investigations across <a href=\"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-from-organizations\/\" target=\"_blank\" rel=\"noreferrer noopener\">15,000 companies<\/a>.\u00a0Namely: \u00a0<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>IP addresses<\/strong>. Digital markers of cybercriminal operations, often linked to Command-and-Control (C2) servers or phishing campaigns.&nbsp;<\/li>\n\n\n\n<li><strong>Domains<\/strong>. Often used as staging points for cyberattacks. 
Domains provide a higher-level view of malicious activity, often connecting multiple IPs or malware instances within a single campaign.&nbsp;<\/li>\n\n\n\n<li><strong>URLs<\/strong>. By analyzing links, cybersecurity teams can uncover attack patterns, block harmful traffic, and prevent unauthorized access to systems and data.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>ANY.RUN\u2019s TI Feeds provide <a href=\"https:\/\/any.run\/cybersecurity-blog\/inside-cyber-threat-intelligence-feeds\/\" target=\"_blank\" rel=\"noreferrer noopener\">detailed context on the indicators<\/a> that enriches the information and helps assess the impact of each IOC. The contextual data includes:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>External references<\/strong>: Links to relevant <a href=\"https:\/\/any.run\/cybersecurity-blog\/interactive-malware-sandbox\/\" target=\"_blank\" rel=\"noreferrer noopener\">sandbox analyses<\/a> of malware samples that let users observe an attack and its elements in detail and extract actionable data about threat behaviors and adversary TTPs.&nbsp;<\/li>\n\n\n\n<li><strong>Label<\/strong>: Name of the malware family or campaign.&nbsp;<\/li>\n\n\n\n<li><strong>Detection timestamps<\/strong>: \u201cCreated\u201d and \u201cModified\u201d dates provide a timeline to understand if a threat is ongoing or historical.&nbsp;<\/li>\n\n\n\n<li><strong>Related objects<\/strong>: File hashes and network indicators related to the indicator in question.&nbsp;<\/li>\n\n\n\n<li><strong>Score<\/strong>: Value representing the severity level of the IOC.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">2. Lowering False Positive Rate&nbsp;<\/h2>\n\n\n\n<p>A high false positive rate overwhelms analysts with irrelevant alerts, reducing efficiency. Threat intelligence feeds improve alert accuracy by filtering out benign activity and prioritizing high-fidelity threats.&nbsp;<\/p>\n\n\n\n<p>TI Feeds validate alerts against known threat patterns. For example, a feed might confirm a suspicious IP as part of a <a href=\"https:\/\/any.run\/cybersecurity-blog\/how-to-hunt-and-investigate-linux-malware\/\" target=\"_blank\" rel=\"noreferrer noopener\">botnet<\/a>, reducing time spent investigating false positives.&nbsp;<\/p>\n\n\n\n<p>Fewer false positives streamline triage, allowing analysts to focus on genuine threats and improving overall SOC productivity. 
Some teams also measure Alert Fatigue Index as a ratio of irrelevant alerts to total alerts to evaluate employee burnout risk \u2014 TI Feeds help lower this risk as well. &nbsp;<\/p>\n\n\n\n<p>Understanding the severity of incidents (low, medium, high, critical) also helps SOCs allocate resources effectively. Threat intelligence feeds provide data to classify incidents accurately, prioritize high-impact threats, and improve incident management efficiency.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">3. Enhancing Threat Hunting Success Rate&nbsp;<\/h2>\n\n\n\n<p><a href=\"https:\/\/any.run\/cybersecurity-blog\/threat-hunting\/\" target=\"_blank\" rel=\"noreferrer noopener\">Proactive threat hunting<\/a> \u2014 searching for threats before alerts are triggered \u2014 is a key SOC capability. Indicators provided by threat intelligence feeds help threat hunters build hypotheses and stay on top of emerging campaigns with freshly exposed IOCs linked to specific threats. Relevant sandbox sessions reveal TTPs, like specific phishing email patterns or command-and-control (C2) behaviors, guiding hunters to uncover hidden threats. For example, such analysis may highlight a new C2 protocol, prompting&nbsp;the&nbsp;search for matching network traffic.&nbsp;<\/p>\n\n\n\n<p>Targeted hunts increase the success rate of identifying threats proactively, reducing dwell time and preventing escalation.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">4. Reducing Dwell Time&nbsp;<\/h2>\n\n\n\n<p>Dwell time, critical for measuring real-world SOC effectiveness, gauges how long a threat remains undetected in the environment. 
Threat intelligence feeds enhance visibility into stealthy threats, such as low-and-slow attacks.&nbsp;<\/p>\n\n\n\n<p>TI Feeds provide unique IOCs from sources including memory dumps, <a href=\"https:\/\/any.run\/cybersecurity-blog\/detection-with-suricata-ids\/\" target=\"_blank\" rel=\"noreferrer noopener\">Suricata IDS detections<\/a>, and internal threat categorization systems, enabling SOCs to detect anomalies that evade traditional signatures. Deeper research involving sandbox sample analysis might reveal a new obfuscation technique used by malware, prompting updated detection rules.&nbsp;<\/p>\n\n\n\n<p>Shorter dwell times limit attacker persistence, reducing potential damage and supporting compliance requirements.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">5. Increasing Automation Utilization&nbsp;<\/h2>\n\n\n\n<p>Automation is an important metric for scaling SOC operations. Threat intelligence feeds integrate with security tools like SIEMs, SOAR platforms, or firewalls to automate detection and response.&nbsp;<\/p>\n\n\n\n<p>ANY.RUN\u2019s TI Feeds connect with any vendor, including <a href=\"https:\/\/any.run\/cybersecurity-blog\/opencti-integration\/\" target=\"_blank\" rel=\"noreferrer noopener\">OpenCTI<\/a>, ThreatConnect, and QRadar. They deliver machine-readable IOCs (e.g., in STIX\/TAXII format, with MISP support) that can be ingested into automated workflows. For instance, a feed might update a firewall\u2019s blocklist with malicious IPs in real time. Higher automation utilization reduces manual workloads, improves response times, and boosts cost efficiency.\u00a0<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">6. Supporting Coverage Rate&nbsp;<\/h2>\n\n\n\n<p>Coverage rate measures the percentage of assets monitored by the SOC. Threat intelligence feeds enhance visibility by identifying new attack surfaces or blind spots. 
They provide insights into emerging threats targeting specific technologies (e.g., IoT devices, cloud environments), prompting SOCs to expand monitoring. For example, a feed might highlight attacks on a specific cloud API, leading to new telemetry sources.&nbsp;<\/p>\n\n\n\n<p>Improved coverage ensures comprehensive threat detection across the organization\u2019s attack surface.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">7. Reducing Repeat Incident Rate&nbsp;<\/h2>\n\n\n\n<p>Recurring incidents indicate gaps in remediation or prevention. Threat intelligence feeds provide root cause analysis and mitigation strategies to prevent recurrence.&nbsp;<\/p>\n\n\n\n<p>Owing to the integration with the <a href=\"https:\/\/any.run\/features\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=ti_feeds_better_kpis&amp;utm_term=210525&amp;utm_content=linktosandboxlanding\" target=\"_blank\" rel=\"noreferrer noopener\">Interactive Sandbox<\/a>, the users of TI Feeds&nbsp;can access detailed post-incident data, such as attackers\u2019 TTPs or misconfigurations exploited. For example, a feed might reveal an indicator related to a phishing campaign exploiting weak MFA settings, prompting stronger controls. Addressing root causes reduces repeat incidents, enhancing long-term security resilience.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How to Integrate Threat Intelligence Feeds from ANY.RUN&nbsp;<\/h2>\n\n\n\n<p>You can test ANY.RUN\u2019s Threat Intelligence Feeds in STIX\/TAXII and MISP formats by <a href=\"https:\/\/any.run\/threat-intelligence-feeds\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=ti_feeds_better_kpis&amp;utm_term=210525&amp;utm_content=linktotifeedsthreat-intelligence-feeds#contact-sales\" target=\"_blank\" rel=\"noreferrer noopener\">requesting a trial on this page<\/a>.\u00a0<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Spot and block attacks quickly to prevent disruptions and damage. 
&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Keep your detection systems updated with fresh data to proactively detect emerging threats.&nbsp; &nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Handle incidents faster to lower financial and brand damage.&nbsp; &nbsp;<\/li>\n<\/ul>\n\n\n\n<p>ANY.RUN also runs a dedicated <a href=\"https:\/\/any.run\/cybersecurity-blog\/misp-integration\/\" target=\"_blank\" rel=\"noreferrer noopener\">MISP instance<\/a> that you can synchronize your server with or connect to your security solutions.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion&nbsp;<\/h2>\n\n\n\n<p>Threat intelligence feeds deliver significant business value by enhancing SOC efficiency, reducing risk, and driving cost-effective security operations. By providing real-time, actionable insights, feeds empower organizations to minimize downtime, protect critical assets, and maintain compliance, ultimately safeguarding revenue and reputation. &nbsp;<\/p>\n\n\n\n<p>With seamless integration into SIEMs and SOAR platforms, ANY.RUN&#8217;s TI Feeds maximize automation and ensure comprehensive coverage, helping businesses achieve a robust security posture while improving key KPIs like MTTD, MTTR, and false positive rates.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN<\/h2>\n\n\n\n<p><a href=\"http:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=ti_feeds_better_kpis&amp;utm_term=210525&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a> helps more than 500,000 cybersecurity professionals worldwide. Our interactive sandbox simplifies malware analysis of threats that target both Windows and Linux systems. 
Our threat intelligence products, <a href=\"https:\/\/any.run\/cybersecurity-blog\/introducing-any-run-threat-intelligence-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">TI Lookup<\/a>, <a href=\"https:\/\/any.run\/cybersecurity-blog\/yara-search\/\" target=\"_blank\" rel=\"noreferrer noopener\">YARA Search<\/a>, and <a href=\"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-feeds\/\" target=\"_blank\" rel=\"noreferrer noopener\">Feeds<\/a>, help you find IOCs or files to learn more about the threats and respond to incidents faster.<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=ti_feeds_better_kpis&amp;utm_term=210525&amp;utm_content=linktodemo\" target=\"_blank\" rel=\"noreferrer noopener\">Request trial of ANY.RUN&#8217;s services to test them in your organization \u2192<\/a>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security Operations Centers (SOCs) are under constant pressure to detect threats faster, respond more effectively, and reduce operational noise. 
Metrics like Mean Time to Detect (MTTD), Mean Time to Respond (MTTR), False Positive Rate (FPR), and True Positive Rate (TPR) are more than just numbers \u2014 they define the health and impact of a business [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":13822,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[57,10,54,15],"class_list":["post-13818","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-lifehacks","tag-anyrun","tag-cybersecurity","tag-features","tag-malware"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Improve Mean Time to Detect with Threat Intelligence Feeds<\/title>\n<meta name=\"description\" content=\"See how integrating Threat Intelligence Feeds can help SOC teams and MSSPs to improve key KPIs like MTTD, MTTR, and reduce false positives.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/reduce-mttd-with-ti-feeds\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/reduce-mttd-with-ti-feeds\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/reduce-mttd-with-ti-feeds\/\"},\"author\":{\"name\":\"ANY.RUN\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"How SOC Teams Improve Mean Time to Detect and Other\u00a0KPIs with Threat Intelligence Feeds\",\"datePublished\":\"2025-05-21T10:57:33+00:00\",\"dateModified\":\"2025-09-22T05:26:32+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/reduce-mttd-with-ti-feeds\/\"},\"wordCount\":1288,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"features\",\"malware\"],\"articleSection\":[\"Cybersecurity Lifehacks\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/reduce-mttd-with-ti-feeds\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/reduce-mttd-with-ti-feeds\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/reduce-mttd-with-ti-feeds\/\",\"name\":\"Improve Mean Time to Detect with Threat Intelligence Feeds\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2025-05-21T10:57:33+00:00\",\"dateModified\":\"2025-09-22T05:26:32+00:00\",\"description\":\"See how integrating Threat Intelligence Feeds can help SOC teams and MSSPs to improve key KPIs like MTTD, MTTR, and reduce false 
positives.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/reduce-mttd-with-ti-feeds\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/reduce-mttd-with-ti-feeds\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/reduce-mttd-with-ti-feeds\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybersecurity Lifehacks\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/lifehacks\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"How SOC Teams Improve Mean Time to Detect and Other\u00a0KPIs with Threat Intelligence Feeds\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"caption\":\"ANY.RUN\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Improve Mean Time to Detect with Threat Intelligence Feeds","description":"See how integrating Threat Intelligence Feeds can help SOC teams and MSSPs to improve key KPIs like MTTD, MTTR, and reduce false positives.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/reduce-mttd-with-ti-feeds\/","twitter_misc":{"Written by":"ANY.RUN","Est. 
reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/reduce-mttd-with-ti-feeds\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/reduce-mttd-with-ti-feeds\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"How SOC Teams Improve Mean Time to Detect and Other\u00a0KPIs with Threat Intelligence Feeds","datePublished":"2025-05-21T10:57:33+00:00","dateModified":"2025-09-22T05:26:32+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/reduce-mttd-with-ti-feeds\/"},"wordCount":1288,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","features","malware"],"articleSection":["Cybersecurity Lifehacks"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/reduce-mttd-with-ti-feeds\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/reduce-mttd-with-ti-feeds\/","url":"https:\/\/any.run\/cybersecurity-blog\/reduce-mttd-with-ti-feeds\/","name":"Improve Mean Time to Detect with Threat Intelligence Feeds","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2025-05-21T10:57:33+00:00","dateModified":"2025-09-22T05:26:32+00:00","description":"See how integrating Threat Intelligence Feeds can help SOC teams and MSSPs to improve key KPIs like MTTD, MTTR, and reduce false 
positives.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/reduce-mttd-with-ti-feeds\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/reduce-mttd-with-ti-feeds\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/reduce-mttd-with-ti-feeds\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity Lifehacks","item":"https:\/\/any.run\/cybersecurity-blog\/category\/lifehacks\/"},{"@type":"ListItem","position":3,"name":"How SOC Teams Improve Mean Time to Detect and Other\u00a0KPIs with Threat Intelligence Feeds"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/13818"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=13818"}],"version-history":[{"count":20,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/13818\/revisions"}],"predecessor-version":[{"id":15935,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/13818\/revisions\/15935"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/13
822"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=13818"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=13818"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=13818"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}