{"id":15836,"date":"2025-09-16T08:35:20","date_gmt":"2025-09-16T08:35:20","guid":{"rendered":"\/cybersecurity-blog\/?p=15836"},"modified":"2025-12-30T10:14:40","modified_gmt":"2025-12-30T10:14:40","slug":"palo-alto-networks-cortex-xsoar-integration","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/palo-alto-networks-cortex-xsoar-integration\/","title":{"rendered":"ANY.RUN &amp; Palo Alto Networks Cortex XSOAR: Streamline SOC Workflows for Top Performance\u00a0"},"content":{"rendered":"\n<p>Swamped by incident alerts, Security Operations Centers (SOCs) struggle to quickly identify and prioritize high-risk attacks, leaving critical infrastructure exposed to ransomware and data theft. <a href=\"https:\/\/cortex.marketplace.pan.dev\/marketplace\/details\/ANYRUN\/\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN\u2019s integration<\/a> with <a href=\"https:\/\/www.paloaltonetworks.com\/cortex\/cortex-xsoar\" target=\"_blank\" rel=\"noreferrer noopener\">Palo Alto Networks Cortex XSOAR<\/a> solves this by automating proactive sandbox analysis and threat intelligence correlation to beat alert fatigue, boost detection rates, and accelerate security workflows.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">ANY.RUN &amp; Palo Alto Networks Cortex XSOAR Integration&nbsp;<\/h2>\n\n\n\n<p>Security Operations Centers (SOCs) using Palo Alto Networks Cortex XSOAR can now seamlessly integrate <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=palo_alto_networks_integration&amp;utm_term=160925&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN\u2019s products<\/a> into their workflows.&nbsp;&nbsp;<\/p>\n\n\n\n<p>The ANY.RUN content pack includes connectors for the Interactive Sandbox, Threat Intelligence Lookup, and Threat Intelligence Feeds, empowering SOCs to streamline alert triage, broaden threat detection, and improve identification of elusive 
malware.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/cortex.marketplace.pan.dev\/marketplace\/details\/ANYRUN\/\" target=\"_blank\" rel=\"noreferrer noopener\">Set up the integration in your workspace \u2192<\/a>&nbsp;<\/p>\n\n\n\n<p>With the ANY.RUN content pack, organizations can:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Detect evasive threats faster <\/strong>with automated sandbox analysis for stronger protection.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Prevent attacks proactively <\/strong>using real-time threat data to reduce breach risks.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Clarify incidents <\/strong>with enriched threat context for quicker, more accurate response.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Reduce alert overload <\/strong>by automating analysis and response, saving SOC time.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Ensure compliance <\/strong>with secure, private workflows for safe operations.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Strengthen security posture <\/strong>by integrating sandboxing, threat data, and XSOAR automation.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Interactive Sandbox in Palo Alto Networks Cortex XSOAR&nbsp;<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"585\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image-3-1024x585.png\" alt=\"\" class=\"wp-image-15838\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image-3-1024x585.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image-3-300x171.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image-3-768x439.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image-3-370x211.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image-3-270x154.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image-3-740x423.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image-3.png 1536w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>File analysis with 
ANY.RUN\u2019s Interactive Sandbox inside Cortex XSOAR<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>ANY.RUN\u2019s <a href=\"https:\/\/any.run\/features\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=palo_alto_networks_integration&amp;utm_term=160925&amp;utm_content=linktosandboxlanding\" target=\"_blank\" rel=\"noreferrer noopener\">Interactive Sandbox<\/a> is a cloud-based solution offering SOC teams immediate, real-time access to Windows, Linux (Ubuntu and Debian), and Android virtual environments for analyzing suspicious files and URLs.\u00a0<\/p>\n\n\n\n<p><a href=\"https:\/\/xsoar.pan.dev\/docs\/reference\/integrations\/anyrun-cloud-sandbox\" target=\"_blank\" rel=\"noreferrer noopener\">Read documentation \u2192<\/a>&nbsp;<\/p>\n\n\n\n<p>With ANY.RUN\u2019s Interactive Sandbox in Cortex XSOAR, users can:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Submit a file, remote file, or URL for analysis across Windows, Linux, or Android operating systems.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Retrieve the detailed report and IOCs for a specific analysis in JSON or HTML.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Download submitted file samples and network traffic dumps from an analysis for deeper incident response insights.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>All features are available for use behind the user\u2019s internal company\u00a0<strong>proxy\u00a0<\/strong>for added security.\u00a0<\/p>\n\n\n\n<p><strong>Benefits of the Interactive Sandbox in Palo Alto Networks Cortex XSOAR\u00a0<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Higher detection rate<\/strong>: Automated Interactivity ensures even evasive attacks are fully detonated and identified.&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Faster incident resolution<\/strong>: Quick insights accelerate response to critical threats.&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul 
class=\"wp-block-list\">\n<li><strong>Reduced alert fatigue<\/strong>: Focus only on severe incidents, while the sandbox identifies.&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Threat Intelligence Feeds in Palo Alto Networks Cortex XSOAR&nbsp;<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"587\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image2-1-1024x587.png\" alt=\"\" class=\"wp-image-15839\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image2-1-1024x587.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image2-1-300x172.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image2-1-768x440.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image2-1-1536x880.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image2-1-2048x1173.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image2-1-370x212.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image2-1-270x155.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image2-1-740x424.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>A malicious indicator from TI Feeds displayed inside Cortex XSOAR<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>ANY.RUN\u2019s <a href=\"https:\/\/any.run\/threat-intelligence-feeds\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=palo_alto_networks_integration&amp;utm_term=160925&amp;utm_content=linktotifeedslanding\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Feeds<\/a> empower SOCs and MSSPs to strengthen security with high-fidelity, actionable IOCs from real-time sandbox analysis. 
New indicators are continuously added to TI Feeds from sandbox investigations across 15,000+ organizations after filtering. This means you get a curated stream of malicious IPs, domains, and URLs that have been active for no more than several hours and can still be used to detect attacks that are happening right now.&nbsp;&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/xsoar.pan.dev\/docs\/reference\/integrations\/anyrun-ti-feed\" target=\"_blank\" rel=\"noreferrer noopener\">Read documentation \u2192<\/a>&nbsp;<\/p>\n\n\n\n<p>With ANY.RUN\u2019s Threat Intelligence Feeds in Cortex XSOAR, users can:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Correlate feed data with incoming alerts to identify high-risk threats.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use indicators to create new detection rules for proactive threat mitigation.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Automate threat hunting and response workflows using XSOAR playbooks.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>All features are available for use behind the user\u2019s internal company\u00a0<strong>proxy\u00a0<\/strong>for added security.\u00a0<\/p>\n\n\n\n<p><strong>Benefits of Threat Intelligence Feeds in Palo Alto Networks Cortex XSOAR:\u00a0<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Expanded threat coverage<\/strong>: Real-time IOCs from 15,000+ organizations catch diverse threats.&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Enhanced threat prioritization<\/strong>: Correlating alerts with IOCs highlights critical risks.&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Proactive attack prevention<\/strong>: Fresh intelligence enables early threat detection.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Threat Intelligence Lookup in Palo Alto Networks Cortex XSOAR&nbsp;<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" 
decoding=\"async\" width=\"1024\" height=\"598\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image3-1-1024x598.png\" alt=\"\" class=\"wp-image-15840\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image3-1-1024x598.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image3-1-300x175.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image3-1-768x449.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image3-1-1536x897.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image3-1-370x216.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image3-1-270x158.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image3-1-740x432.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image3-1.png 1840w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>TI Lookup delivers instant context on over 40 types of indicators of malicious activity<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>ANY.RUN\u2019s <a href=\"https:\/\/intelligence.any.run\/analysis\/lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=palo_alto_networks_integration&amp;utm_term=160925&amp;utm_content=linktotilookup\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Lookup<\/a> offers a searchable database of up-to-date IOCs, IOBs, and IOAs, drawn from real-time sandbox analysis of active malware and phishing attacks across 15,000+ organizations (Learn more about <a href=\"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-lookup-new-plan\/\" target=\"_blank\" rel=\"noreferrer noopener\">TI Lookup\u2019s capabilities<\/a>). 
This ensures fresh, actionable threat data is available swiftly post-attack.&nbsp;&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/xsoar.pan.dev\/docs\/reference\/integrations\/anyrun-ti-lookup\" target=\"_blank\" rel=\"noreferrer noopener\">Read documentation \u2192<\/a>&nbsp;<\/p>\n\n\n\n<p>With ANY.RUN\u2019s Threat Intelligence Lookup in Cortex XSOAR, users can:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use the command line to quickly\u00a0validate\u00a0indicators (domains, hashes, IPs, URLs) across all solutions installed in the SOAR.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Perform deep searches for IOCs, IOAs, and IOBs to uncover detailed threat intelligence.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enrich incident investigations with extensive context on threats.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Search threat info by parameters like threat level, OS, or submission country for targeted investigations.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>All features are available for use behind the user\u2019s internal company\u00a0<strong>proxy<\/strong>\u00a0for added security.\u00a0<\/p>\n\n\n\n<p><strong>Benefits of Threat Intelligence Lookup in Palo Alto Networks Cortex XSOAR\u00a0<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Greater incident clarity<\/strong>: Rich threat data provides precise attack context.&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Broader threat insight<\/strong>: Detailed <a href=\"https:\/\/any.run\/cybersecurity-blog\/iocs-iobs-ioas-explained\/\" target=\"_blank\" rel=\"noreferrer noopener\">IOC\/IOA\/IOB<\/a> analysis expands attack understanding.&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Enhanced threat hunting<\/strong>: Targeted searches help identify hidden threats effectively.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&nbsp;&nbsp;<\/h2>\n\n\n\n<p>Trusted by over 
500,000 cybersecurity professionals and 15,000+ organizations in finance, healthcare, manufacturing, and other critical industries, <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=palo_alto_networks_integration&amp;utm_term=160925&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a> helps security teams investigate threats faster and with greater accuracy.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Our <a href=\"https:\/\/any.run\/features\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=palo_alto_networks_integration&amp;utm_term=160925&amp;utm_content=linktosandboxlanding\" target=\"_blank\" rel=\"noreferrer noopener\">Interactive Sandbox<\/a> accelerates incident response by allowing you to analyze suspicious files in real time, watch behavior as it unfolds, and make confident, well-informed decisions.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Our <a href=\"https:\/\/any.run\/threat-intelligence-lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=palo_alto_networks_integration&amp;utm_term=160925&amp;utm_content=linktotilookuplanding\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Lookup<\/a> and <a href=\"https:\/\/any.run\/threat-intelligence-feeds\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=palo_alto_networks_integration&amp;utm_term=160925&amp;utm_content=linktotifeedslanding\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Feeds<\/a> strengthen detection by providing the context your team needs to anticipate and stop today\u2019s most advanced attacks.&nbsp;&nbsp;<\/p>\n\n\n\n<p><strong>Ready to see the difference? 
<a href=\"https:\/\/any.run\/demo\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=palo_alto_networks_integration&amp;utm_term=160925&amp;utm_content=linktodemo\" target=\"_blank\" rel=\"noreferrer noopener\">Start your 14-day trial of ANY.RUN today<\/a> \u2192&nbsp;&nbsp;<\/strong><\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Swamped by incident alerts, Security Operations Centers (SOCs) struggle to quickly identify and prioritize high-risk attacks, leaving critical infrastructure exposed to ransomware and data theft. ANY.RUN\u2019s integration with Palo Alto Networks Cortex XSOAR solves this by automating proactive sandbox analysis and threat intelligence correlation to beat alert fatigue, boost detection rates, and accelerate security workflows.&nbsp; [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":15843,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[81],"tags":[57,10,34,55],"class_list":["post-15836","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-integrations-connectors","tag-anyrun","tag-cybersecurity","tag-malware-analysis","tag-release"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>ANY.RUN &amp; Palo Alto Networks Cortex XSOAR: Streamline SOC Workflows for Top Performance\u00a0 - ANY.RUN&#039;s Cybersecurity Blog<\/title>\n<meta name=\"description\" content=\"Solve alert fatigue, missed incidents, and slow response by integrating ANY.RUN in your Cortex XSOAR workspace.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/palo-alto-networks-cortex-xsoar-integration\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta 
name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/palo-alto-networks-cortex-xsoar-integration\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/palo-alto-networks-cortex-xsoar-integration\/\"},\"author\":{\"name\":\"ANY.RUN\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"ANY.RUN &amp; Palo Alto Networks Cortex XSOAR: Streamline SOC Workflows for Top Performance\u00a0\",\"datePublished\":\"2025-09-16T08:35:20+00:00\",\"dateModified\":\"2025-12-30T10:14:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/palo-alto-networks-cortex-xsoar-integration\/\"},\"wordCount\":947,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"malware analysis\",\"release\"],\"articleSection\":[\"Integrations &amp; connectors\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/palo-alto-networks-cortex-xsoar-integration\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/palo-alto-networks-cortex-xsoar-integration\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/palo-alto-networks-cortex-xsoar-integration\/\",\"name\":\"ANY.RUN &amp; Palo Alto Networks Cortex XSOAR: Streamline SOC Workflows for Top Performance\u00a0 - ANY.RUN&#039;s Cybersecurity Blog\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2025-09-16T08:35:20+00:00\",\"dateModified\":\"2025-12-30T10:14:40+00:00\",\"description\":\"Solve alert fatigue, missed incidents, and slow response by integrating ANY.RUN in your Cortex XSOAR 
workspace.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/palo-alto-networks-cortex-xsoar-integration\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/palo-alto-networks-cortex-xsoar-integration\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/palo-alto-networks-cortex-xsoar-integration\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Integrations &amp; connectors\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/integrations-connectors\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"ANY.RUN &amp; Palo Alto Networks Cortex XSOAR: Streamline SOC Workflows for Top Performance\u00a0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"caption\":\"ANY.RUN\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"ANY.RUN &amp; Palo Alto Networks Cortex XSOAR: Streamline SOC Workflows for Top Performance\u00a0 - ANY.RUN&#039;s Cybersecurity Blog","description":"Solve alert fatigue, missed incidents, and slow response by integrating ANY.RUN in your Cortex XSOAR workspace.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/palo-alto-networks-cortex-xsoar-integration\/","twitter_misc":{"Written by":"ANY.RUN","Est. 
reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/palo-alto-networks-cortex-xsoar-integration\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/palo-alto-networks-cortex-xsoar-integration\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"ANY.RUN &amp; Palo Alto Networks Cortex XSOAR: Streamline SOC Workflows for Top Performance\u00a0","datePublished":"2025-09-16T08:35:20+00:00","dateModified":"2025-12-30T10:14:40+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/palo-alto-networks-cortex-xsoar-integration\/"},"wordCount":947,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","malware analysis","release"],"articleSection":["Integrations &amp; connectors"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/palo-alto-networks-cortex-xsoar-integration\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/palo-alto-networks-cortex-xsoar-integration\/","url":"https:\/\/any.run\/cybersecurity-blog\/palo-alto-networks-cortex-xsoar-integration\/","name":"ANY.RUN &amp; Palo Alto Networks Cortex XSOAR: Streamline SOC Workflows for Top Performance\u00a0 - ANY.RUN&#039;s Cybersecurity Blog","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2025-09-16T08:35:20+00:00","dateModified":"2025-12-30T10:14:40+00:00","description":"Solve alert fatigue, missed incidents, and slow response by integrating ANY.RUN in your Cortex XSOAR 
workspace.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/palo-alto-networks-cortex-xsoar-integration\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/palo-alto-networks-cortex-xsoar-integration\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/palo-alto-networks-cortex-xsoar-integration\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Integrations &amp; connectors","item":"https:\/\/any.run\/cybersecurity-blog\/category\/integrations-connectors\/"},{"@type":"ListItem","position":3,"name":"ANY.RUN &amp; Palo Alto Networks Cortex XSOAR: Streamline SOC Workflows for Top Performance\u00a0"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/15836"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=15836"}],"version-history":[{"count":10,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/15836\/revisions"}],"predecessor-version":[{"id":17625,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/15836\/revisions\/17625"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/15
843"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=15836"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=15836"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=15836"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}