- \n
- Launch of a free TI Lookup <\/strong>plan, giving all users access to live attack data from 15K SOCs <\/li>\n<\/ul>\n\n\n\n
- \n
- New Debian ARM VM <\/strong>for analyzing malware targeting IoT and embedded systems <\/li>\n<\/ul>\n\n\n\n
- \n
- Expanded detection with 163 new behavior signatures<\/strong>, 13 YARA rules<\/strong>, and 2,772 Suricata rules<\/strong> <\/li>\n<\/ul>\n\n\n\n
Keep reading to explore what\u2019s new and how these updates can improve your daily workflows and threat visibility. <\/p>\n\n\n\n
Product Updates <\/h2>\n\n\n\n
IBM QRadar SOAR Integration: Faster, Smarter Incident Response <\/h2>\n\n\n\n
We\u2019ve officially launched the ANY.RUN app for IBM QRadar SOAR<\/strong><\/a>, helping SOC teams move faster, reduce manual effort, and make smarter decisions without leaving their existing workflows. <\/p>\n\n\n
\n![\"\"](\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/08\/image-1-1024x729.png\")
ANY.RUN app for IBM QRadar SOAR<\/em> <\/figcaption><\/figure><\/div>\n\n\n With this integration, analysts can detonate suspicious files and URLs in ANY.RUN\u2019s interactive sandbox<\/a> directly from QRadar SOAR, and get verdicts, behavioral logs, and IOCs pushed back into the incident automatically. This not only speeds up triage, but also cuts Mean Time to Respond (MTTR) and reduces the risk of missing stealthy threats. <\/p>\n\n\n\n
You can also enrich key indicators using ANY.RUN\u2019s Threat Intelligence Lookup<\/a>, pulling in fresh, real-world threat context from live malware samples observed across 15,000+ organizations. <\/p>\n\n\n
\n![\"\"](\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/08\/image2-1024x588.png\")
ANY.RUN playbook library <\/em> <\/figcaption><\/figure><\/div>\n\n\n What Your Team Gains: Business and Operational Impact <\/h3>\n\n\n\n
The new IBM QRadar SOAR integration delivers real performance and value across your SOC<\/strong>. By combining automated sandbox detonation with live threat intelligence enrichment, ANY.RUN helps security teams reduce alert fatigue, move faster, and make better-informed decisions. <\/p>\n\n\n\n
- \n
- Lower workload and faster response:<\/strong> Automation cuts down manual triage and enrichment, letting analysts focus on critical threats, not routine tasks. <\/li>\n<\/ul>\n\n\n\n
- \n
- Improved efficiency across tiers:<\/strong> Tier 1 and Tier 2 analysts benefit from streamlined investigation and escalation, while senior staff gain the bandwidth to focus on strategy and tuning. <\/li>\n<\/ul>\n\n\n\n
- \n
- Smarter decisions, better processes:<\/strong> Sandbox reports and TI Lookup insights feed directly into playbooks and detection rules, driving continuous improvement. <\/li>\n<\/ul>\n\n\n\n
- \n
- Early visibility into stealthy threats:<\/strong> Real-time behavioral data exposes multi-stage and evasive attacks that traditional tools often miss. <\/li>\n<\/ul>\n\n\n\n
- \n
- Stronger ROI from existing tools:<\/strong> The integration adds powerful behavioral context to your SOAR workflows, without requiring new infrastructure or steep learning curves. <\/li>\n<\/ul>\n\n\n\n
How to Get Started <\/h3>\n\n\n\n
Getting started is easy, just install the ANY.RUN app from IBM App Exchange<\/strong><\/a> and connect your account using an API key. You can enable sandbox analysis, Threat Intelligence Lookup, or both, depending on your workflow. <\/p>\n\n\n\n
Threat Intelligence Lookup Gets a Free Plan and More Power for Premium <\/h2>\n\n\n\n
This July, we made accessing high-quality threat intelligence easier than ever. ANY.RUN\u2019s Threat Intelligence Lookup (TI Lookup)<\/strong><\/a> now includes a Free plan<\/strong><\/a>, giving every analyst and SOC team access to real-time, actionable data from millions of sandboxed malware sessions. <\/p>\n\n\n\n
\u201cThreat Intelligence in ANY.RUN continues to evolve \u2014 not only by adding more features, but by making the right ones easier to use.\u201d
\u2014 Aleksey Lapshin, CEO at ANY.RUN <\/p>\n\n\n\n![\"\"](\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/08\/image3-1024x603.png\")
TI Lookup provides access to an extensive database of the latest IOCs, IOBs, and IOAs<\/em> <\/figcaption><\/figure><\/div>\n\n\n We\u2019ve simplified access to ANY.RUN\u2019s threat intelligence ecosystem with a cleaner, faster entry point. With the Free plan<\/strong>, you can now explore Public Samples<\/strong>, TTPs<\/strong>, Suricata rules<\/strong>, and malware trends<\/strong> without cost or complexity. <\/p>\n\n\n\n
Users can perform unlimited searches using core indicators like file hashes, URLs, domains, IPs, Suricata IDs, and MITRE ATT&CK techniques<\/strong>, and combine them using the AND operator<\/strong> for refined threat queries. <\/p>\n\n\n\n
What You Can Achieve with TI Lookup Free <\/h3>\n\n\n\n
The essential features in the free tier help SOC teams address real-world challenges: <\/p>\n\n\n\n
- \n
- Enrich threat investigations:<\/strong> Gain extensive context by linking existing artifacts to real-world attacks observed in the wild. <\/li>\n<\/ul>\n\n\n\n
- \n
- Reduce response time (MTTR):<\/strong> Analyze threat behavior, objectives, and targets directly from sandbox sessions to support fast, informed decisions. <\/li>\n<\/ul>\n\n\n\n
- \n
- Strengthen proactive defense:<\/strong> Gather intel on emerging threats early, before they escalate, using real-time data. <\/li>\n<\/ul>\n\n\n\n
- \n
- Grow your team\u2019s expertise:<\/strong> Help SOC analysts learn from real-world malware by exploring TTPs through the interactive MITRE ATT&CK matrix. <\/li>\n<\/ul>\n\n\n\n
- \n
- Develop SIEM, IDS\/IPS, or EDR rules:<\/strong> Use collected intelligence to fine-tune detection rules and boost your organization’s overall defense. <\/li>\n<\/ul>\n\n\n\n
You can view up to 20 recent sandbox sessions per query<\/strong>, giving you insight into how threats evolve and behave across multiple industries and regions. <\/p>\n\n\n\n
All you need to do to get started is sign up or log into your ANY.RUN account, a<\/strong>nd you\u2019re in. <\/p>\n\n\n\n\n
- Develop SIEM, IDS\/IPS, or EDR rules:<\/strong> Use collected intelligence to fine-tune detection rules and boost your organization’s overall defense. <\/li>\n<\/ul>\n\n\n\n
- Grow your team\u2019s expertise:<\/strong> Help SOC analysts learn from real-world malware by exploring TTPs through the interactive MITRE ATT&CK matrix. <\/li>\n<\/ul>\n\n\n\n
- Strengthen proactive defense:<\/strong> Gather intel on emerging threats early, before they escalate, using real-time data. <\/li>\n<\/ul>\n\n\n\n
- Reduce response time (MTTR):<\/strong> Analyze threat behavior, objectives, and targets directly from sandbox sessions to support fast, informed decisions. <\/li>\n<\/ul>\n\n\n\n
- Enrich threat investigations:<\/strong> Gain extensive context by linking existing artifacts to real-world attacks observed in the wild. <\/li>\n<\/ul>\n\n\n\n
- Stronger ROI from existing tools:<\/strong> The integration adds powerful behavioral context to your SOAR workflows, without requiring new infrastructure or steep learning curves. <\/li>\n<\/ul>\n\n\n\n
- Early visibility into stealthy threats:<\/strong> Real-time behavioral data exposes multi-stage and evasive attacks that traditional tools often miss. <\/li>\n<\/ul>\n\n\n\n
- Smarter decisions, better processes:<\/strong> Sandbox reports and TI Lookup insights feed directly into playbooks and detection rules, driving continuous improvement. <\/li>\n<\/ul>\n\n\n\n
- Improved efficiency across tiers:<\/strong> Tier 1 and Tier 2 analysts benefit from streamlined investigation and escalation, while senior staff gain the bandwidth to focus on strategy and tuning. <\/li>\n<\/ul>\n\n\n\n
- Lower workload and faster response:<\/strong> Automation cuts down manual triage and enrichment, letting analysts focus on critical threats, not routine tasks. <\/li>\n<\/ul>\n\n\n\n
- Expanded detection with 163 new behavior signatures<\/strong>, 13 YARA rules<\/strong>, and 2,772 Suricata rules<\/strong> <\/li>\n<\/ul>\n\n\n\n
- New Debian ARM VM <\/strong>for analyzing malware targeting IoT and embedded systems <\/li>\n<\/ul>\n\n\n\n