{"id":15256,"date":"2025-08-05T10:41:54","date_gmt":"2025-08-05T10:41:54","guid":{"rendered":"\/cybersecurity-blog\/?p=15256"},"modified":"2025-10-31T12:57:06","modified_gmt":"2025-10-31T12:57:06","slug":"threat-intelligence-feeds-ms-sentinel-connector","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-feeds-ms-sentinel-connector\/","title":{"rendered":"ANY.RUN &amp; Microsoft Sentinel: Catch Emerging Threats with Real-Time Threat Intelligence"},"content":{"rendered":"\n<p><a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=ti_feeds_sentinel&amp;utm_term=050825&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a> now delivers <a href=\"https:\/\/any.run\/threat-intelligence-feeds\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=ti_feeds_sentinel&amp;utm_term=050825&amp;utm_content=linktofeeds\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence (TI) Feeds<\/a> directly to Microsoft Sentinel via a direct STIX\/TAXII integration.\u00a0No complicated setups. No custom scripts. Only high-quality indicators of compromise (IOCs) to fortify your SOC and catch attacks early, keeping your business secure.\u00a0<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About the TI Feeds Integration with Microsoft Sentinel \u00a0<\/h2>\n\n\n\n<p>ANY.RUN\u2019s TI Feeds integrate seamlessly with Microsoft Sentinel via an out-of-the-box connector to deliver real-time threat intelligence directly into your workspace.\u00a0<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Effortless Setup<\/strong>: Connect TI Feeds to Sentinel using&nbsp;the STIX\/TAXII connector&nbsp;with your custom API key.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Enhanced Automation<\/strong>: Sentinel\u2019s playbooks, powered by Azure Logic Apps, automatically correlate IOCs with your logs, triggering alerts or actions like blocking IPs. This cuts manual work and speeds up response times.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Cost Efficiency<\/strong>: Leverage your existing Sentinel setup without extra infrastructure costs. Fewer missed threats, thanks to high-fidelity IOCs, reduce the financial impact of breaches.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>The IOCs enriched with links to sandbox sessions can be used in Sentinel\u2019s analytics, letting you build custom rules, visualize threats, and prioritize incidents effectively.&nbsp;<\/p>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nGet access to malicious IOCs from attacks on <span class=\"highlight\">15K SOCs<\/span><br> Expand threat coverage. Slash MTTR. Identify incidents early&nbsp;  \n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/any.run\/threat-intelligence-feeds\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=ti_feeds_sentinel&#038;utm_term=050825&#038;utm_content=linktofeeds#contact-sales\" target=\"_blank\" rel=\"noopener\">\nContact us for TI Feeds trial\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<h2 class=\"wp-block-heading\">What Makes ANY.RUN\u2019s Threat Intelligence Feeds Unique&nbsp;<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"577\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/10\/screen02large-1024x577.jpeg\" alt=\"\" class=\"wp-image-16530\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/10\/screen02large-1024x577.jpeg 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/10\/screen02large-300x169.jpeg 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/10\/screen02large-768x433.jpeg 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/10\/screen02large-370x208.jpeg 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/10\/screen02large-270x152.jpeg 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/10\/screen02large-740x417.jpeg 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/10\/screen02large.jpeg 1280w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em style=\"white-space: normal;\">TI Feeds offer IOCs for better detection and streamlined workflows<\/em><span style=\"font-family: -webkit-standard; white-space: normal;\">&nbsp;<\/span><\/figcaption><\/figure><\/div>\n\n\n<p>ANY.RUN\u2019s TI Feeds deliver malicious IPs, domains, URLs that have been active for just hours, not days. We extract them from live sandbox analyses of the latest threats hitting <a href=\"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-from-organizations\/\" target=\"_blank\" rel=\"noreferrer noopener\">15,000+<\/a> organizations worldwide. Unlike post-incident reports that lag behind, our feeds update in real time, sending active attack indicators straight to clients. This lets <a href=\"https:\/\/any.run\/cybersecurity-blog\/cyber-threat-hunting-tips\/\" target=\"_blank\" rel=\"noreferrer noopener\">MSSPs and SOCs<\/a> detect today\u2019s threats early and effectively, keeping systems secure.\u00a0<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Fresh Data<\/strong>: IOCs update in real time from live attack detonations in <a href=\"https:\/\/any.run\/features\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=ti_feeds_sentinel&amp;utm_term=050825&amp;utm_content=linkolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN\u2019s Interactive Sandbox<\/a>.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Rich Context<\/strong>: Each IOC links to sandbox sessions with full TTPs for deeper investigations.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Low Noise<\/strong>: Pre-processing by expert analysts ensure near-zero false positives, saving your team time.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Flexible Integration<\/strong>: Thanks to <a href=\"https:\/\/any.run\/api-documentation\/\" target=\"_blank\" rel=\"noreferrer noopener\">API<\/a>, <a href=\"https:\/\/any.run\/cybersecurity-blog\/sdk-integration\/\" target=\"_blank\" rel=\"noreferrer noopener\">SDK<\/a>, <a href=\"https:\/\/any.run\/cybersecurity-blog\/taxii-protocol-integration\/\" target=\"_blank\" rel=\"noreferrer noopener\">STIX\/TAXII<\/a>&nbsp;support, TI Feeds work seamlessly with SIEM\/XDR\/firewalls and other solutions.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">How TI Feeds Help SOCs and MSSPs Spot Attacks in Time&nbsp;<\/h2>\n\n\n\n<p>Threats move fast. Malware and phishing can slip through if you\u2019re not ready. ANY.RUN TI Feeds give SOCs and MSSPs the edge to detect and stop attacks before they impact. Our <a href=\"https:\/\/any.run\/cybersecurity-blog\/quality-ti-feeds\/\" target=\"_blank\" rel=\"noreferrer noopener\">high-fidelity IOCs<\/a> \u2014 IPs, domains, URLs \u2014 come enriched with context from ANY.RUN\u2019s Interactive Sandbox, ensuring you act with precision.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Catch Threats Early<\/strong>: Real-time <a href=\"https:\/\/any.run\/cybersecurity-blog\/indicators-of-compromise\/\" target=\"_blank\" rel=\"noreferrer noopener\">IOCs<\/a> enable preventive actions and rapid response to minimize damage.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Boost Detection Rate<\/strong>: Near-zero false positives and pre-processing help ensure that your SOC never misses a threat.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Lower Costs and Risks<\/strong>: Fewer undetected threats mean reduced financial and operational fallout. Fresh, reliable IOCs help you avoid costly breaches.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Cut MTTR<\/strong>: Faster alert <a href=\"https:\/\/any.run\/cybersecurity-blog\/faster-alert-triage-with-ti-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">triage<\/a> and a complete threat visibility thanks to linked sandbox analyses informs responders\u2019 actions, helping them prevent threat spread and reduce damage.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Improve SOC Performance<\/strong>: Automate threat processing, cutting manual tasks for SOC specialists and letting them prioritize top risks.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Receive Threat Intelligence Feeds in Microsoft Sentinel&nbsp;<\/h2>\n\n\n\n<p>Here is a detailed manual to guide your TI Feeds setup in Microsoft Sentinel. Should you need any assistance or have any questions, feel free to <a href=\"https:\/\/app.any.run\/contact-us\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=ti_feeds_sentinel&amp;utm_term=050825&amp;utm_content=linktocontactus\" target=\"_blank\" rel=\"noreferrer noopener\">contact us<\/a>.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Connecting to the STIX\/TAXII server&nbsp;<\/h3>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li>Open MS Sentinel and go to the <strong>Data connectors <\/strong>tab in the <strong>Configuration <\/strong>section.&nbsp;<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"936\" height=\"486\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/08\/image-3.png\" alt=\"\" class=\"wp-image-15259\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/08\/image-3.png 936w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/08\/image-3-300x156.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/08\/image-3-768x399.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/08\/image-3-370x192.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/08\/image-3-270x140.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/08\/image-3-740x384.png 740w\" sizes=\"(max-width: 936px) 100vw, 936px\" \/><figcaption class=\"wp-element-caption\"><em>Start setup in your Sentinel workspace<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>2. Search for the <strong>Threat Intelligence STIX\/TAXII <\/strong>connector and click <strong>Open connector page<\/strong>.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"900\" height=\"474\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/08\/image2-1.png\" alt=\"\" class=\"wp-image-15260\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/08\/image2-1.png 900w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/08\/image2-1-300x158.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/08\/image2-1-768x404.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/08\/image2-1-370x195.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/08\/image2-1-270x142.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/08\/image2-1-740x390.png 740w\" sizes=\"(max-width: 900px) 100vw, 900px\" \/><figcaption class=\"wp-element-caption\"><em>Use Search in Data connectors tab to find ANY.RUN\u2019s STIX\/TAXII one<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>3. You will see the list of prerequisites for the connector to work. If you lack any of them, view this <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/sentinel\/connect-threat-intelligence-taxii\" target=\"_blank\" rel=\"noreferrer noopener\">documentation by Microsoft.<\/a> &nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"936\" height=\"286\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/08\/image3-1.png\" alt=\"\" class=\"wp-image-15261\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/08\/image3-1.png 936w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/08\/image3-1-300x92.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/08\/image3-1-768x235.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/08\/image3-1-370x113.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/08\/image3-1-270x83.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/08\/image3-1-740x226.png 740w\" sizes=\"(max-width: 936px) 100vw, 936px\" \/><figcaption class=\"wp-element-caption\"><em>Check the prerequisites for the connection<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>4. Fill out the <strong>Configuration <\/strong>form:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Name the server via the <strong>Friendly name<\/strong> field&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Insert <strong>API root URL<\/strong>:&nbsp;<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-embed\"><div class=\"wp-block-embed__wrapper\">\nhttps:\/\/api.any.run\/v1\/feeds\/taxii2\/api1\n<\/div><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Choose a <strong>Collection ID<\/strong>:&nbsp;<\/li>\n<\/ul>\n\n\n\n<div class=\"wpdt-c row wpDataTableContainerSimpleTable wpDataTables wpDataTablesWrapper\n\"\n    >\n        <table id=\"wpdtSimpleTable-244\"\n           style=\"border-collapse:collapse;\n                   border-spacing:0px;\"\n           class=\"wpdtSimpleTable wpDataTable\"\n           data-column=\"3\"\n           data-rows=\"5\"\n           data-wpID=\"244\"\n           data-responsive=\"0\"\n           data-has-header=\"1\">\n\n                    <thead>        <tr class=\"wpdt-cell-row \" >\n                                <th class=\"wpdt-cell wpdt-bold\"\n                                            data-cell-id=\"A1\"\n                    data-col-index=\"0\"\n                    data-row-index=\"0\"\n                    style=\" width:33.333333333333%;                    padding:10px;\n                    \"\n                    >\n                                        Name                    <\/th>\n                                                <th class=\"wpdt-cell wpdt-bold\"\n                                            data-cell-id=\"B1\"\n                    data-col-index=\"1\"\n                    data-row-index=\"0\"\n                    style=\" width:33.333333333333%;                    padding:10px;\n                    \"\n                    >\n                                        Description                    <\/th>\n                                                <th class=\"wpdt-cell wpdt-bold\"\n                                            data-cell-id=\"C1\"\n                    data-col-index=\"2\"\n                    data-row-index=\"0\"\n                    style=\" width:33.333333333333%;                    padding:10px;\n                    \"\n                    >\n                                        ID                    <\/th>\n                                        <\/tr>\n                    <tbody>        <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A2\"\n                    data-col-index=\"0\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        All indicators                     <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B2\"\n                    data-col-index=\"1\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Contains IOCs of all formats (IPs, Domains, URLs)                     <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"C2\"\n                    data-col-index=\"2\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        3dce855a-c044-5d49-9334-533c24678c5a                     <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A3\"\n                    data-col-index=\"0\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        IPs collection                     <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B3\"\n                    data-col-index=\"1\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Contains only IPs                     <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"C3\"\n                    data-col-index=\"2\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        55cda200-e261-5908-b910-f0e18909ef3d                     <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A4\"\n                    data-col-index=\"0\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Domains collection                     <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B4\"\n                    data-col-index=\"1\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Contains only Domains                      <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"C4\"\n                    data-col-index=\"2\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        2e0aa90a-5526-5a43-84ad-3db6f4549a09                     <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A5\"\n                    data-col-index=\"0\"\n                    data-row-index=\"4\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        URLs collection                     <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B5\"\n                    data-col-index=\"1\"\n                    data-row-index=\"4\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Contains only URLs                     <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"C5\"\n                    data-col-index=\"2\"\n                    data-row-index=\"4\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        05bfa343-e79f-57ec-8677-3122ca33d352                     <\/td>\n                                        <\/tr>\n                    <\/table>\n<\/div><style id='wpdt-custom-style-244'>\ntable#wpdtSimpleTable-244{ table-layout: fixed !important; }\ntable#wpdtSimpleTable-244 td, table.wpdtSimpleTable244 th { white-space: normal !important; }\n<\/style>\n\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enter your <strong>Username <\/strong>and <strong>Password.<\/strong>&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>If you don\u2019t have these credentials, contact your account manager at ANY.RUN or fill out <a href=\"https:\/\/any.run\/demo\/?utm_source=opencti_marketplace&amp;utm_medium=integration&amp;utm_campaign=opencti_form\" target=\"_blank\" rel=\"noreferrer noopener\">this form<\/a>.&nbsp;&nbsp;<\/p>\n\n\n\n<p>You can also choose to import all available indicators or those that are one day, week, or month old via the field<strong> Import indicators<\/strong>. Another optional setting is <strong>Polling frequency <\/strong>that determines how often you\u2019d like to connect to the STIX\/TAXII server to retrieve new feeds: once a minute, once an hour, or once a day.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"859\" height=\"376\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/08\/image4.png\" alt=\"\" class=\"wp-image-15262\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/08\/image4.png 859w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/08\/image4-300x131.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/08\/image4-768x336.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/08\/image4-370x162.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/08\/image4-270x118.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/08\/image4-740x324.png 740w\" sizes=\"(max-width: 859px) 100vw, 859px\" \/><figcaption class=\"wp-element-caption\"><em>Configure your STIX\/TAXII server setting up mandatory and optional parameters<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>Finally, click <strong>Add<\/strong>,<strong> <\/strong>and you\u2019re all set up.&nbsp;<\/p>\n\n\n\n<p>If you need more information, <a href=\"https:\/\/intelligence.any.run\/feeds\" target=\"_blank\" rel=\"noreferrer noopener\">see STIX\/TAXII documentation by ANY.RUN<\/a>.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Browsing indicators&nbsp;<\/h3>\n\n\n\n<p>To access the indicators you\u2019ve retrieved, go to the <strong>Threat intelligence<\/strong> tab.&nbsp;<\/p>\n\n\n\n<p>You\u2019ll find a table with fields describing each indicator:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Values <\/strong>\u2013 indicator itself;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Names <\/strong>\u2013 name of an indicator;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Types <\/strong>\u2013 type of an indicator (IP, URL, or Domain);&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Sources <\/strong>\u2013 source of an indicator;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Confidence <\/strong>\u2013 this rate determines our level of certainty on whether an indicator is malicious (50 \u2013 suspicious, 75 \u2013 likely malicious, 100 \u2013 malicious);&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Alerts <\/strong>\u2013 number of alerts related to an indicator;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Tags <\/strong>\u2013 descriptors of an indicator;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Valid from <\/strong>and <strong>Valid until<\/strong> \u2013 time period during which an indicator is considered valid.&nbsp;<\/li>\n<\/ul>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"936\" height=\"493\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/08\/image5-1.png\" alt=\"\" class=\"wp-image-15263\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/08\/image5-1.png 936w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/08\/image5-1-300x158.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/08\/image5-1-768x405.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/08\/image5-1-370x195.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/08\/image5-1-270x142.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/08\/image5-1-740x390.png 740w\" sizes=\"(max-width: 936px) 100vw, 936px\" \/><figcaption class=\"wp-element-caption\"><em>Indicators with key parameters accessible for browsing<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<h2 class=\"wp-block-heading\">Real-World Application Scenario<\/h2>\n\n\n\n<p>Here&#8217;s a typical flow your security operations can adopt:&nbsp;<\/p>\n\n\n\n<p><strong>1. Feed Setup<\/strong>: Your security team configures IOC ingestion from ANY.RUN into Microsoft Sentinel, where data is indexed and becomes searchable.&nbsp;<\/p>\n\n\n\n<p><strong>2. Automated Correlation:<\/strong> Sentinel continuously analyzes incoming logs from EDR systems, network equipment, proxies, email security, and other sources, automatically correlating them with ANY.RUN\u2019s IOCs.&nbsp;<\/p>\n\n\n\n<p><strong>3. Alert Generation:<\/strong> When matches are detected (IP addresses, domains, file hashes), Sentinel creates security events and alerts.&nbsp;<\/p>\n\n\n\n<p><strong>4. Streamlined Triage:<\/strong> Alerts are routed to analysts for manual or semi-automated incident analysis, including log review, event correlation, and behavioral analysis.&nbsp;<\/p>\n\n\n\n<p><strong>5. Rapid Response:<\/strong> Depending on your configuration, the system can execute manual or automated responses including isolation, blocking, or escalation procedures.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How TI Feeds in MS Sentinel Boost SOC &amp; MSSP Performance&nbsp;<\/h2>\n\n\n\n<p>Plug ANY.RUN\u2019s feeds into Microsoft Sentinel with minimal setup, leveraging existing infrastructure, and benefit from:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Faster Threat Detection<\/strong>: Fresh IOCs flow into your system quickly, accelerating identification of threats.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Seamless Interoperability:<\/strong> No need to overhaul processes or tools \u2014 TI feeds work within your Sentinel environment.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Enhanced Monitoring and Triage Capabilities<\/strong>: Expand your threat detection coverage with high-confidence indicators that improve both monitoring effectiveness and incident triage accuracy.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Access to Unique Data<\/strong>: Gain insights from real-time analysis of attacks on 15,000 organizations, powered by ANY.RUN\u2019s Interactive Sandbox.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Cost Efficiency: <\/strong>Reduce setup costs by using a seamless STIX\/TAXII connector.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Process Continuity: <\/strong>Maintain existing workflows without disruption.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Automation and Reduced Workload<\/strong>: Automate actions based on IOCs (e.g., flagging logs, isolating endpoints), freeing up SOC resources.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Competitive Edge for MSSPs: <\/strong>Stand out with exclusive IOCs derived from cutting-edge research, enhancing your service offerings.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&nbsp;<\/h2>\n\n\n\n<p><a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=ti_feeds_sentinel&amp;utm_term=050825&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a> is trusted by more than 500,000 cybersecurity professionals and 15,000+ organizations across finance, healthcare, manufacturing, and other critical industries. Our platform helps security teams investigate threats faster and with more clarity.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Speed up incident response with our&nbsp;<strong><a href=\"https:\/\/any.run\/features\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=ti_feeds_sentinel&amp;utm_term=050825&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">Interactive Sandbox<\/a><\/strong>: analyze suspicious files in real time, observe behavior as it unfolds, and make faster, more informed decisions.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Strengthen detection with&nbsp;<strong><a href=\"https:\/\/any.run\/threat-intelligence-lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=ti_feeds_sentinel&amp;utm_term=050825&amp;utm_content=linktotilookup\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Lookup<\/a><\/strong>&nbsp;and&nbsp;<strong><a href=\"https:\/\/any.run\/threat-intelligence-feeds\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=ti_feeds_sentinel&amp;utm_term=050825&amp;utm_content=linktotifeeds\" target=\"_blank\" rel=\"noreferrer noopener\">TI Feeds<\/a><\/strong>: give your team the context they need to stay ahead of today\u2019s most advanced threats.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Want to see it in action?&nbsp;<a href=\"https:\/\/any.run\/demo\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=ti_feeds_sentinel&amp;utm_term=050825&amp;utm_content=linktodemo\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Start your 14-day trial of ANY.RUN today \u2192<\/strong><\/a>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>ANY.RUN now delivers Threat Intelligence (TI) Feeds directly to Microsoft Sentinel via a direct STIX\/TAXII integration.\u00a0No complicated setups. No custom scripts. Only high-quality indicators of compromise (IOCs) to fortify your SOC and catch attacks early, keeping your business secure.\u00a0 About the TI Feeds Integration with Microsoft Sentinel \u00a0 ANY.RUN\u2019s TI Feeds integrate seamlessly with Microsoft [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":15269,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[81],"tags":[57,10,34,55,56],"class_list":["post-15256","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-integrations-connectors","tag-anyrun","tag-cybersecurity","tag-malware-analysis","tag-release","tag-update"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>ANY.RUN &amp; Microsoft Sentinel: Catch Emerging Threats with Real-Time Threat Intelligence - ANY.RUN&#039;s Cybersecurity Blog<\/title>\n<meta name=\"description\" content=\"Ingest fresh IOCs from 15K SOCs into your Microsoft Sentinel SIEM to expand threat coverage and increase detection rate.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-feeds-ms-sentinel-connector\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-feeds-ms-sentinel-connector\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-feeds-ms-sentinel-connector\/\"},\"author\":{\"name\":\"ANY.RUN\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"ANY.RUN &amp; Microsoft Sentinel: Catch Emerging Threats with Real-Time Threat Intelligence\",\"datePublished\":\"2025-08-05T10:41:54+00:00\",\"dateModified\":\"2025-10-31T12:57:06+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-feeds-ms-sentinel-connector\/\"},\"wordCount\":1332,\"commentCount\":1,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"malware analysis\",\"release\",\"update\"],\"articleSection\":[\"Integrations &amp; connectors\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-feeds-ms-sentinel-connector\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-feeds-ms-sentinel-connector\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-feeds-ms-sentinel-connector\/\",\"name\":\"ANY.RUN &amp; Microsoft Sentinel: Catch Emerging Threats with Real-Time Threat Intelligence - ANY.RUN&#039;s Cybersecurity Blog\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2025-08-05T10:41:54+00:00\",\"dateModified\":\"2025-10-31T12:57:06+00:00\",\"description\":\"Ingest fresh IOCs from 15K SOCs into your Microsoft Sentinel SIEM to expand threat coverage and increase detection rate.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-feeds-ms-sentinel-connector\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-feeds-ms-sentinel-connector\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-feeds-ms-sentinel-connector\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Integrations &amp; connectors\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/integrations-connectors\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"ANY.RUN &amp; Microsoft Sentinel: Catch Emerging Threats with Real-Time Threat Intelligence\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"caption\":\"ANY.RUN\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"ANY.RUN &amp; Microsoft Sentinel: Catch Emerging Threats with Real-Time Threat Intelligence - ANY.RUN&#039;s Cybersecurity Blog","description":"Ingest fresh IOCs from 15K SOCs into your Microsoft Sentinel SIEM to expand threat coverage and increase detection rate.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-feeds-ms-sentinel-connector\/","twitter_misc":{"Written by":"ANY.RUN","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-feeds-ms-sentinel-connector\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-feeds-ms-sentinel-connector\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"ANY.RUN &amp; Microsoft Sentinel: Catch Emerging Threats with Real-Time Threat Intelligence","datePublished":"2025-08-05T10:41:54+00:00","dateModified":"2025-10-31T12:57:06+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-feeds-ms-sentinel-connector\/"},"wordCount":1332,"commentCount":1,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","malware analysis","release","update"],"articleSection":["Integrations &amp; connectors"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-feeds-ms-sentinel-connector\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-feeds-ms-sentinel-connector\/","url":"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-feeds-ms-sentinel-connector\/","name":"ANY.RUN &amp; Microsoft Sentinel: Catch Emerging Threats with Real-Time Threat Intelligence - ANY.RUN&#039;s Cybersecurity Blog","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2025-08-05T10:41:54+00:00","dateModified":"2025-10-31T12:57:06+00:00","description":"Ingest fresh IOCs from 15K SOCs into your Microsoft Sentinel SIEM to expand threat coverage and increase detection rate.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-feeds-ms-sentinel-connector\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-feeds-ms-sentinel-connector\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-feeds-ms-sentinel-connector\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Integrations &amp; connectors","item":"https:\/\/any.run\/cybersecurity-blog\/category\/integrations-connectors\/"},{"@type":"ListItem","position":3,"name":"ANY.RUN &amp; Microsoft Sentinel: Catch Emerging Threats with Real-Time Threat Intelligence"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/15256"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=15256"}],"version-history":[{"count":18,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/15256\/revisions"}],"predecessor-version":[{"id":16637,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/15256\/revisions\/16637"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/15269"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=15256"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=15256"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=15256"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}