{"id":14933,"date":"2025-07-22T11:15:41","date_gmt":"2025-07-22T11:15:41","guid":{"rendered":"\/cybersecurity-blog\/?p=14933"},"modified":"2025-08-14T11:09:17","modified_gmt":"2025-08-14T11:09:17","slug":"ibm-qradar-soar-anyrun-integration","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/ibm-qradar-soar-anyrun-integration\/","title":{"rendered":"Turn Alert Noise into Threat Insights without Leaving QRadar SOAR with ANY.RUN\u00a0"},"content":{"rendered":"\n<p>IBM QRadar SOAR is a go-to platform for incident response. To make things faster and easier for SOCs to use this powerful tool with <a href=\"http:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=qradar_integration&amp;utm_term=220725&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN\u2019s services<\/a>, we built an <a href=\"https:\/\/apps.xforce.ibmcloud.com\/extension\/06dbb4c6b59fc59ed9c277b0bb1a3f7d\" target=\"_blank\" rel=\"noreferrer noopener\">official app.<\/a> Now you can seamlessly launch different playbooks directly inside SOAR to streamline threat analysis, speed up investigations, and reduce Mean Time to Respond (MTTR) in your SOC.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Here\u2019s how your team can benefit from the new integration.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Streamline Your SOC Workflows&nbsp;<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"728\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image-10-1024x728.png\" alt=\"\" class=\"wp-image-14941\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image-10-1024x728.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image-10-300x213.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image-10-768x546.png 768w, 
https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image-10-1536x1092.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image-10-2048x1457.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image-10-370x263.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image-10-270x192.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image-10-740x526.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>ANY.RUN app for IBM QRadar SOAR<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>The app <a href=\"https:\/\/apps.xforce.ibmcloud.com\/extension\/06dbb4c6b59fc59ed9c277b0bb1a3f7d\" target=\"_blank\" rel=\"noreferrer noopener\">available on IBM Exchange<\/a> allows SOC teams to start using ANY.RUN\u2019s services in a more flexible and seamless way to detect threats and resolve incidents faster. The setup takes a few seconds as you only need an API key to connect your ANY.RUN account to QRadar SOAR, eliminating the need for custom development.&nbsp;&nbsp;<\/p>\n\n\n\n<p>With this integration, you can<strong> <\/strong>get IOCs and verdicts from the sandbox and indicator context from TI Lookup to simplify triage and enrich incident data.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Early Threat Detection<\/strong>: Real-time data from sandbox analyses and TI Lookup enable you to identify and respond to new attacks at their earliest stages.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Automation of Routine Tasks:<\/strong> Prebuilt playbooks enable automatic or manual actions, saving time for Tier 1 and Tier 2 analysts.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Reduced Response Times: <\/strong>Cuts incident analysis time by automating enrichment and analysis processes. 
Results feed directly into SOAR playbooks, enabling rapid isolation, blocking, or escalation based on your workflows.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Proactive Threat Analysis with Interactive Sandbox&nbsp;<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"587\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image2-5-1024x587.png\" alt=\"\" class=\"wp-image-14942\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image2-5-1024x587.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image2-5-300x172.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image2-5-768x441.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image2-5-1536x881.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image2-5-2048x1175.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image2-5-370x212.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image2-5-270x155.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image2-5-740x425.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>ANY.RUN playbook library<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p><a href=\"http:\/\/any.run\/features\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=qradar_integration&amp;utm_term=220725&amp;utm_content=linktosandboxlanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN\u2019s Interactive Sandbox<\/a> is a cloud-based service for analysis of suspicious files and URLs. 
It provides SOC teams with instant access to fully interactive <a href=\"https:\/\/any.run\/cybersecurity-blog\/how-to-analyze-malware-threats\/\" target=\"_blank\" rel=\"noreferrer noopener\">Windows, Linux, and Android<\/a> virtual machines, allowing you to engage with the system and the sample at hand and detonate every stage of the attack, from opening an email attachment to solving a CAPTCHA.&nbsp;<\/p>\n\n\n\n<p>The sandbox logs and marks malicious network traffic, processes, registry and file modifications, providing instant visibility into the threat\u2019s behavior. For each analysis, it generates a comprehensive report with a threat level verdict, <a href=\"https:\/\/any.run\/cybersecurity-blog\/iocs-iobs-ioas-explained\/\" target=\"_blank\" rel=\"noreferrer noopener\">IOCs<\/a>, and <a href=\"https:\/\/any.run\/cybersecurity-blog\/mitre-ttps-in-ti-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">TTPs<\/a>.&nbsp;&nbsp;<\/p>\n\n\n\n<p>With IBM QRadar SOAR integration, your SOC team can use the Automated Interactivity of the Sandbox to:&nbsp;&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Triage Files and URLs<\/strong>: Send suspicious files or URLs from IBM QRadar SOAR to ANY.RUN\u2019s Sandbox for instant analysis, reducing manual effort.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Gain Deep Behavioral Insights<\/strong>: Access detailed logs of malicious activities, including network traffic, processes, and file changes, for thorough threat understanding.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Auto-Detonate Multi-Stage Attacks<\/strong>: Take advantage of Automated Interactivity for automated execution of user actions such as archive extraction, CAPTCHA solution, and payload launching to reach the final stage of the attack and ensure complete detection.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p><em>For the most accurate results, it\u2019s recommended to avoid manual interference during the 
sandbox session. Let the analysis run to completion, so all behavior stages can be observed and properly logged.<\/em>&nbsp;<\/p>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nIntegrate ANY.RUN&#8217;s <span class=\"highlight\">Interactive Sandbox in your SOC<\/span><br> Automate threat analysis, cut MTTD, &#038; boost detection rate&nbsp;   \n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/app.any.run\/contact-us\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=qradar_integration&#038;utm_term=220725&#038;utm_content=linktocontactus\" target=\"_blank\" rel=\"noopener\">\nContact us\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<h2 class=\"wp-block-heading\">Instant Incident Enrichment with TI Lookup&nbsp;<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"644\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image6-3-1024x644.png\" alt=\"\" class=\"wp-image-14945\" 
srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image6-3-1024x644.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image6-3-300x189.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image6-3-768x483.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image6-3-1536x967.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image6-3-2048x1289.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image6-3-370x233.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image6-3-270x170.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image6-3-740x466.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>ANY.RUN TI Lookup playbook<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p><a href=\"https:\/\/intelligence.any.run\/analysis\/lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=qradar_integration&amp;utm_term=220725&amp;utm_content=linktolookup\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Lookup<\/a> contains a database of fresh Indicators of Compromise (IOCs), Behavior (IOBs), and Action (IOAs) extracted from live sandbox analyses of active malware and phishing attacks across <a href=\"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-from-organizations\/\" target=\"_blank\" rel=\"noreferrer noopener\">15,000 organizations<\/a>.&nbsp;&nbsp;<\/p>\n\n\n\n<p>It lets you search across various&nbsp;types of indicators, from IPs and domains to mutexes and registry keys. 
Since all data comes from real-time detonation of threats, TI Lookup always offers fresh indicators, available within hours or even minutes of an attack.&nbsp;&nbsp;<\/p>\n\n\n\n<p>With IBM QRadar SOAR integration, your SOC team can use TI Lookup to:&nbsp;&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Enrich Incidents Automatically<\/strong>: Pull detailed threat intelligence for key indicator types, including DNS Name, File Name, File Path, IP Address, MD5, SHA-1, SHA-256, Mutex, Port, Process Name, Registry Key, and URL, directly into SOAR incidents.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Add Behavioral Threat Context<\/strong>: Enhance indicators with behavioral insights from live sandbox analyses, providing deeper context for threat understanding.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Speed Up Threat Assessment<\/strong>: Use fresh, high-quality data from 15,000 organizations to quickly evaluate and prioritize potential threats.&nbsp;<\/li>\n<\/ul>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nGet instant threat context with <span class=\"highlight\">TI Lookup<\/span><br> Act faster. Slash MTTR. 
Stop breaches early&nbsp;   \n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/app.any.run\/contact-us\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=qradar_integration&#038;utm_term=220725&#038;utm_content=linktocontactus\" target=\"_blank\" rel=\"noopener\">\nContact us\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n\n\n\n<h2 class=\"wp-block-heading\">What Your Team Gains: Business and Operational Benefits&nbsp;<\/h2>\n\n\n\n<p>The IBM QRadar SOAR integration with ANY.RUN delivers measurable performance gains across your SOC, improving key metrics like Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR), while enhancing decision-making at every level.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Cost and Time Savings<\/strong>: Lower analyst workload by automating repetitive tasks, allowing focus on critical threats.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Increased SOC Efficiency:<\/strong> Streamline triage, investigation, and escalation for Tier 1 and Tier 2 analysts with built-in automation and enriched data, reducing alert 
fatigue and manual steps.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Enhanced Decision-Making and Process Improvement: <\/strong>Use detailed Sandbox reports and enriched data to create more effective rules, update response playbooks, and train detection models.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Proactive Threat Management:<\/strong> Detect emerging threats earlier with fresh, behavior-based data from real-time malware analysis. TI Lookup and Sandbox insights help you uncover stealthy or multi-stage attacks that traditional tools may miss.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Stronger ROI from Existing Tools:<\/strong> Maximize the value of your SOAR investment by extending its capabilities with behavioral analysis and contextual enrichment, no additional infrastructure required.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">How to Get Started&nbsp;<\/h2>\n\n\n\n<p>Getting started with the ANY.RUN app in IBM QRadar SOAR takes just a few steps:&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1. 
Install the App from IBM App Exchange&nbsp;<\/h3>\n\n\n\n<p>Simply find the <a href=\"https:\/\/apps.xforce.ibmcloud.com\/extension\/06dbb4c6b59fc59ed9c277b0bb1a3f7d\" target=\"_blank\" rel=\"noreferrer noopener\">official ANY.RUN app<\/a> and install it in your SOAR environment; no coding or custom development needed.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"663\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image7-2-1024x663.png\" alt=\"\" class=\"wp-image-14946\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image7-2-1024x663.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image7-2-300x194.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image7-2-768x497.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image7-2-1536x994.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image7-2-2048x1326.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image7-2-370x240.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image7-2-270x175.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image7-2-740x479.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Install the ANY.RUN app from IBM App Exchange<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<h3 class=\"wp-block-heading\">2. Connect Using Your ANY.RUN API Key&nbsp;<\/h3>\n\n\n\n<p>In the integration settings, add your API key to connect your ANY.RUN account. 
You can choose to activate:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>TI Lookup only<\/strong> for real-time IOC enrichment&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Sandbox only <\/strong>for dynamic file and URL analysis&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Both modules together<\/strong> for full access to enrichment and behavioral analysis&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Both modules are available to paid ANY.RUN users and can be used independently or in combination, depending on your license.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"662\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image4-2-1024x662.png\" alt=\"\" class=\"wp-image-14947\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image4-2-1024x662.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image4-2-300x194.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image4-2-768x497.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image4-2-1536x993.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image4-2-2048x1325.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image4-2-370x239.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image4-2-270x175.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image4-2-740x479.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Add your API key to connect your ANY.RUN account<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<h3 class=\"wp-block-heading\">3. 
Use or Customize the Playbooks&nbsp;<\/h3>\n\n\n\n<p>Use the pre-configured playbooks that come with the integration or customize them to fit your SOC workflows.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"645\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image5-2-1024x645.png\" alt=\"\" class=\"wp-image-14948\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image5-2-1024x645.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image5-2-300x189.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image5-2-768x484.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image5-2-1536x967.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image5-2-2048x1290.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image5-2-370x233.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image5-2-270x170.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image5-2-740x466.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Pre-configured playbook example<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<h3 class=\"wp-block-heading\">4. Automate Enrichment and Analysis in Your Incidents&nbsp;<\/h3>\n\n\n\n<p>Once configured, you can begin automating threat investigation steps directly within IBM QRadar SOAR:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Pull data from TI Lookup<\/strong> by sending artifacts (IPs, hashes, domains, etc.) 
and retrieving JSON-based enrichment with real-time threat intelligence&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Send files and URLs to Sandbox<\/strong> and receive key indicators, behavioral tags, verdicts, and detailed reports (PDF\/JSON), all injected back into the incident&nbsp;<\/li>\n<\/ul>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"663\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image8-1024x663.png\" alt=\"\" class=\"wp-image-14949\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image8-1024x663.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image8-300x194.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image8-768x497.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image8-1536x994.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image8-2048x1326.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image8-370x240.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image8-270x175.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image8-740x479.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Data pulled from ANY.RUN\u2019s TI Lookup<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>This lets your analysts make faster decisions, automate triage, and reduce response time without manual switching between tools.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Integrate ANY.RUN with Other Solutions and Vendors&nbsp;<\/h2>\n\n\n\n<p>ANY.RUN supports multiple integrations with popular security products. 
<a href=\"https:\/\/any.run\/integrations\" target=\"_blank\" rel=\"noreferrer noopener\">Check out the list<\/a> to see how you can streamline workflows in your SOC. &nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&nbsp;<\/h2>\n\n\n\n<p>ANY.RUN is trusted by over 500,000 cybersecurity professionals and 15,000+ organizations in finance, healthcare, manufacturing, and beyond. Our services help security teams investigate threats faster and with greater confidence.&nbsp;<\/p>\n\n\n\n<p><strong>Accelerate response times with our Interactive Sandbox<\/strong>: Analyze suspicious files in real time, uncover malicious behavior, and support quick decision-making.&nbsp;<\/p>\n\n\n\n<p><strong>Enhance detection capabilities using Threat Intelligence Lookup and TI Feeds:<\/strong> Give your team the context they need to stay ahead of evolving cyber threats.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/demo\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=qradar_integration&amp;utm_term=220725&amp;utm_content=linktodemo\" target=\"_blank\" rel=\"noreferrer noopener\">Reach out to us for a 14-day trial of ANY.RUN\u2019s service now \u2192<\/a>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>IBM QRadar SOAR is a go-to platform for incident response. To make things faster and easier for SOCs to use this powerful tool with ANY.RUN\u2019s services, we built an official app. 
Now you can seamlessly launch different playbooks directly inside SOAR to streamline threat analysis, speed up investigations, and reduce Mean Time to Respond (MTTR) [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":14939,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[81],"tags":[57,10,55,56],"class_list":["post-14933","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-integrations-connectors","tag-anyrun","tag-cybersecurity","tag-release","tag-update"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Turn Alert Noise into Threat Insights without Leaving QRadar SOAR<\/title>\n<meta name=\"description\" content=\"Power up IBM QRadar SOAR with ANY.RUN&#039;s Interactive Sandbox and Threat Intelligence Lookup to detect threats faster and reduce workload.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/ibm-qradar-soar-anyrun-integration\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/ibm-qradar-soar-anyrun-integration\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/ibm-qradar-soar-anyrun-integration\/\"},\"author\":{\"name\":\"ANY.RUN\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"Turn Alert Noise into Threat Insights without Leaving QRadar SOAR with ANY.RUN\u00a0\",\"datePublished\":\"2025-07-22T11:15:41+00:00\",\"dateModified\":\"2025-08-14T11:09:17+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/ibm-qradar-soar-anyrun-integration\/\"},\"wordCount\":1301,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"release\",\"update\"],\"articleSection\":[\"Integrations &amp; connectors\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/ibm-qradar-soar-anyrun-integration\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/ibm-qradar-soar-anyrun-integration\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/ibm-qradar-soar-anyrun-integration\/\",\"name\":\"Turn Alert Noise into Threat Insights without Leaving QRadar SOAR\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2025-07-22T11:15:41+00:00\",\"dateModified\":\"2025-08-14T11:09:17+00:00\",\"description\":\"Power up IBM QRadar SOAR with ANY.RUN's Interactive Sandbox and Threat Intelligence Lookup to detect threats faster and reduce 
workload.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/ibm-qradar-soar-anyrun-integration\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/ibm-qradar-soar-anyrun-integration\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/ibm-qradar-soar-anyrun-integration\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Integrations &amp; connectors\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/integrations-connectors\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Turn Alert Noise into Threat Insights without Leaving QRadar SOAR with ANY.RUN\u00a0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"caption\":\"ANY.RUN\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Turn Alert Noise into Threat Insights without Leaving QRadar SOAR","description":"Power up IBM QRadar SOAR with ANY.RUN's Interactive Sandbox and Threat Intelligence Lookup to detect threats faster and reduce workload.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/ibm-qradar-soar-anyrun-integration\/","twitter_misc":{"Written by":"ANY.RUN","Est. 
reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/ibm-qradar-soar-anyrun-integration\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/ibm-qradar-soar-anyrun-integration\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"Turn Alert Noise into Threat Insights without Leaving QRadar SOAR with ANY.RUN\u00a0","datePublished":"2025-07-22T11:15:41+00:00","dateModified":"2025-08-14T11:09:17+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/ibm-qradar-soar-anyrun-integration\/"},"wordCount":1301,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","release","update"],"articleSection":["Integrations &amp; connectors"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/ibm-qradar-soar-anyrun-integration\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/ibm-qradar-soar-anyrun-integration\/","url":"https:\/\/any.run\/cybersecurity-blog\/ibm-qradar-soar-anyrun-integration\/","name":"Turn Alert Noise into Threat Insights without Leaving QRadar SOAR","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2025-07-22T11:15:41+00:00","dateModified":"2025-08-14T11:09:17+00:00","description":"Power up IBM QRadar SOAR with ANY.RUN's Interactive Sandbox and Threat Intelligence Lookup to detect threats faster and reduce 
workload.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/ibm-qradar-soar-anyrun-integration\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/ibm-qradar-soar-anyrun-integration\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/ibm-qradar-soar-anyrun-integration\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Integrations &amp; connectors","item":"https:\/\/any.run\/cybersecurity-blog\/category\/integrations-connectors\/"},{"@type":"ListItem","position":3,"name":"Turn Alert Noise into Threat Insights without Leaving QRadar SOAR with ANY.RUN\u00a0"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/14933"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=14933"}],"version-history":[{"count":7,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/14933\/revisions"}],"predecessor-version":[{"id":15027,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/14933\/revisions\/15027"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/149
39"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=14933"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=14933"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=14933"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}