{"id":16140,"date":"2025-09-30T12:04:04","date_gmt":"2025-09-30T12:04:04","guid":{"rendered":"\/cybersecurity-blog\/?p=16140"},"modified":"2026-01-22T11:21:20","modified_gmt":"2026-01-22T11:21:20","slug":"ms-defender-connectors","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/ms-defender-connectors\/","title":{"rendered":"ANY.RUN &#038; MS Defender: Enrich Alerts Faster, Stop Attacks Early\u00a0"},"content":{"rendered":"\n<p>Lack of context makes it hard for Security Operations Centers (SOC) to tell actual threats from false positives. <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=defender_connector&amp;utm_term=300925&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a>\u2019s <a href=\"https:\/\/github.com\/anyrun\/anyrun-integration-microsoft\/tree\/main\/Microsoft%20Defender%20for%20Endpoint\" target=\"_blank\" rel=\"noreferrer noopener\">connectors for Microsoft Defender<\/a> bridge this gap by automating interactive sandbox analysis and providing real-time threat intelligence for correlation.\u00a0\u00a0<\/p>\n\n\n\n<p>As a result, security teams achieve faster incident resolution, reduced alert fatigue, and proactive threat detection all without disrupting existing workflows. 
Here\u2019s how.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">ANY.RUN &amp; Microsoft Defender Connectors&nbsp;<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"534\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image-7-1024x534.png\" alt=\"\" class=\"wp-image-16142\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image-7-1024x534.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image-7-300x156.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image-7-768x401.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image-7-1536x801.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image-7-2048x1068.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image-7-370x193.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image-7-270x141.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image-7-740x386.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Security teams can use ANY.RUN\u2019s products without leaving the MS Defender workspace<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>SOCs using Microsoft Defender can seamlessly connect <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=defender_connector&amp;utm_term=300925&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN\u2019s solutions<\/a> into their existing workflows, boosting their ability to combat advanced threats without disrupting existing processes.&nbsp;&nbsp;<\/p>\n\n\n\n<p>The ANY.RUN connectors include:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a 
href=\"https:\/\/github.com\/anyrun\/anyrun-integration-microsoft\/tree\/main\/Microsoft%20Defender%20for%20Endpoint\/ANYRUN-Sandbox-MDE\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Interactive Sandbox connector<\/strong><\/a>: Automates the analysis of suspicious files and URLs, delivering detailed behavioral insights and IOCs directly within Microsoft Defender.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/github.com\/anyrun\/anyrun-integration-microsoft\/tree\/main\/Microsoft%20Defender%20for%20Endpoint\/ANYRUN-TI-Feeds-MDE\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Threat Intelligence Feeds connector<\/strong><\/a>: Provides real-time, actionable indicators of compromise (IOCs) to enable proactive threat detection.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>These connectors empower SOC teams to triage alerts efficiently, detect elusive malware, and respond to incidents faster, all while reducing operational overhead.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Enhanced threat detection<\/strong>: Real-time IOCs and behavioral analysis uncover evasive and targeted attacks that signature-based systems may miss.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Reduced Mean Time to Respond (MTTR)<\/strong>: Automation of sandbox analysis and threat intelligence correlation cuts incident resolution time by tens of percent, enabling faster response to critical threats.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Decreased analyst workload<\/strong>: By automating routine tasks like file analysis and alert enrichment, analysts can focus on high-priority incidents, reducing burnout and improving productivity.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Improved MSSP competitiveness<\/strong>: Automated workflows help MSSPs meet SLAs, deliver higher-value services, and stand out in a competitive market.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul 
class=\"wp-block-list\">\n<li><strong>Cost efficiency<\/strong>: Seamless interoperability with Microsoft Defender eliminates the need for costly infrastructure changes, maximizing ROI on existing tools.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Interactive Sandbox in Microsoft Defender<\/strong>&nbsp;<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img 
loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"537\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image2-6-1024x537.png\" alt=\"\" class=\"wp-image-16143\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image2-6-1024x537.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image2-6-300x157.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image2-6-768x403.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image2-6-1536x806.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image2-6-2048x1074.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image2-6-370x194.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image2-6-270x142.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image2-6-740x388.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>File analysis verdict from the sandbox shown in MS Defender interface<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>ANY.RUN\u2019s <a href=\"https:\/\/any.run\/features\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=defender_connector&amp;utm_term=300925&amp;utm_content=linktosandboxlanding\" target=\"_blank\" rel=\"noreferrer noopener\">Interactive Sandbox<\/a> is a cloud-based solution offering SOC teams immediate, real-time access to Windows, Linux, and Android virtual environments for analyzing suspicious files and URLs.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/github.com\/anyrun\/anyrun-integration-microsoft\/tree\/main\/Microsoft%20Defender%20for%20Endpoint\/ANYRUN-Sandbox-MDE\" target=\"_blank\" rel=\"noreferrer noopener\">Read documentation \u2192<\/a>&nbsp;<\/p>\n\n\n\n<p>With the ANY.RUN Sandbox <a 
href=\"https:\/\/github.com\/anyrun\/anyrun-integration-microsoft\/tree\/main\/Microsoft%20Defender%20for%20Endpoint\/ANYRUN-Sandbox-MDE\" target=\"_blank\" rel=\"noreferrer noopener\">connector in Microsoft Defender<\/a>, users can:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Submit files and URLs for analysis across Windows, Ubuntu, or Android operating systems.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Get a verdict, IOCs, and threat info for the incident, as well as a link to the sandbox session.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Dive deeper into analyses inside the sandbox via a single click to closely study malware&#8217;s behavior and traffic for deeper incident response insights.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>The process is <a href=\"https:\/\/any.run\/cybersecurity-blog\/automated-interactivity-stage-two\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>fully automated<\/strong><\/a> by default. The built-in playbook detects files or URLs in alerts\/incidents and launches the analysis. 
Obtained IOCs are stored in the internal Threat Intelligence portal within Microsoft Defender.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">How Interactive Sandbox Boosts Microsoft Defender Workflows&nbsp;<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Higher detection rate<\/strong>: Automated Interactivity ensures even evasive attacks are fully detonated and identified.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Faster incident resolution<\/strong>: Quick sandbox analysis insights accelerate response to critical threats.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Reduced alert fatigue<\/strong>: Focus only on severe incidents, while the sandbox provides verdicts for effective prioritization.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Threat Intelligence Feeds in Microsoft Defender<\/strong>&nbsp;<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"535\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image3-4-1024x535.png\" alt=\"\" class=\"wp-image-16144\" style=\"width:650px;height:auto\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image3-4-1024x535.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image3-4-300x157.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image3-4-768x401.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image3-4-1536x802.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image3-4-2048x1070.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image3-4-370x193.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image3-4-270x141.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image3-4-740x387.png 
740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>An alert generated in MS Defender based on an indicator from TI Feeds<\/em><\/figcaption><\/figure><\/div>\n\n\n<p>ANY.RUN\u2019s <a href=\"https:\/\/any.run\/threat-intelligence-feeds\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=defender_connector&amp;utm_term=300925&amp;utm_content=linktofeedslanding\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Feeds<\/a> empower SOCs and MSSPs to strengthen security with high-fidelity, actionable IOCs from real-time sandbox analysis. Indicators are continuously updated from sandbox investigations across <a href=\"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-from-organizations\/\" target=\"_blank\" rel=\"noreferrer noopener\">15,000+ organizations<\/a>, delivering a curated stream of malicious IPs, domains, and URLs to detect ongoing attacks.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/github.com\/anyrun\/anyrun-integration-microsoft\/tree\/main\/Microsoft%20Defender%20for%20Endpoint\/ANYRUN-TI-Feeds-MDE\" target=\"_blank\" rel=\"noreferrer noopener\">Read documentation \u2192<\/a>&nbsp;<\/p>\n\n\n\n<p>With the ANY.RUN Threat Intelligence Feeds <a href=\"https:\/\/github.com\/anyrun\/anyrun-integration-microsoft\/tree\/main\/Microsoft%20Defender%20for%20Endpoint\/ANYRUN-TI-Feeds-MDE\" target=\"_blank\" rel=\"noreferrer noopener\">connector in Microsoft Defender<\/a>, users can:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Correlate feed data with incoming alerts to identify high-risk threats.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use indicators to create new detection rules for proactive threat mitigation.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Automate threat hunting and response workflows using Microsoft Defender playbooks.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Data such as IP addresses, URLs, and domains are automatically pulled into 
the system for analysis, playbook creation, and correlation.&nbsp;&nbsp;<\/p>\n\n\n\n<p>The connector generates alerts if indicators from the feeds are detected in the client\u2019s infrastructure, matching the feed entry\u2019s status (medium, high).&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">How Threat Intelligence Feeds Boost Microsoft Defender Workflows&nbsp;<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Expanded threat coverage<\/strong>: Real-time IOCs from 15,000+ organizations boost SOC\u2019s ability to detect current threats, reducing the number of possible security gaps.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Enhanced threat prioritization<\/strong>: Correlating alerts with IOCs helps SOC teams identify critical risks.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Proactive attack prevention<\/strong>: Fresh intelligence enables early threat detection to avoid any damage to the business.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&nbsp;<\/h2>\n\n\n\n<p>Trusted by over 500,000 cybersecurity professionals and 15,000+ organizations in finance, healthcare, manufacturing, and other critical industries, <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=defender_connector&amp;utm_term=300925&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a> helps security teams investigate threats faster and with greater accuracy.&nbsp;&nbsp; &nbsp;&nbsp;<\/p>\n\n\n\n<p>Our <a href=\"https:\/\/any.run\/features\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=defender_connector&amp;utm_term=300925&amp;utm_content=linktosandboxlanding\" target=\"_blank\" rel=\"noreferrer noopener\">Interactive Sandbox<\/a> accelerates incident response by allowing you to analyze suspicious files in real time, watch behavior as it unfolds, and make confident, well-informed decisions.&nbsp;&nbsp; 
&nbsp;&nbsp;<\/p>\n\n\n\n<p>Our <a href=\"https:\/\/any.run\/threat-intelligence-lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=defender_connector&amp;utm_term=300925&amp;utm_content=linktolookuplanding\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Lookup<\/a> and <a href=\"https:\/\/any.run\/threat-intelligence-feeds\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=defender_connector&amp;utm_term=300925&amp;utm_content=linktofeedslanding\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Feeds<\/a> strengthen detection by providing the context your team needs to anticipate and stop today\u2019s most advanced attacks.&nbsp;&nbsp; &nbsp;&nbsp;<\/p>\n\n\n\n<p>Ready to see the difference?&nbsp; &nbsp;&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/demo\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=defender_connector&amp;utm_term=300925&amp;utm_content=linktodemo\" target=\"_blank\" rel=\"noreferrer noopener\">Start your 14-day trial of ANY.RUN today \u2192<\/a>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Lack of context makes it hard for Security Operations Centers (SOC) to tell actual threats from false positives. 
ANY.RUN\u2019s connectors for Microsoft Defender bridge this gap by automating interactive sandbox analysis and providing real-time threat intelligence for correlation.\u00a0\u00a0 As a result, security teams achieve faster incident resolution, reduced alert fatigue, and proactive threat detection all [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":16148,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[81],"tags":[57,10,54,55],"class_list":["post-16140","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-integrations-connectors","tag-anyrun","tag-cybersecurity","tag-features","tag-release"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>ANY.RUN &amp; MS Defender: Enrich Alerts Faster, Stop Attacks Early\u00a0 - ANY.RUN&#039;s Cybersecurity Blog<\/title>\n<meta name=\"description\" content=\"See how your SOC can achieve faster incident resolution, reduced alert fatigue, and proactive threat detection in MS Defender.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/ms-defender-connectors\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/ms-defender-connectors\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/ms-defender-connectors\/\"},\"author\":{\"name\":\"ANY.RUN\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"ANY.RUN &#038; MS Defender: Enrich Alerts Faster, Stop Attacks Early\u00a0\",\"datePublished\":\"2025-09-30T12:04:04+00:00\",\"dateModified\":\"2026-01-22T11:21:20+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/ms-defender-connectors\/\"},\"wordCount\":874,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"features\",\"release\"],\"articleSection\":[\"Integrations &amp; connectors\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/ms-defender-connectors\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/ms-defender-connectors\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/ms-defender-connectors\/\",\"name\":\"ANY.RUN & MS Defender: Enrich Alerts Faster, Stop Attacks Early\u00a0 - ANY.RUN&#039;s Cybersecurity Blog\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2025-09-30T12:04:04+00:00\",\"dateModified\":\"2026-01-22T11:21:20+00:00\",\"description\":\"See how your SOC can achieve faster incident resolution, reduced alert fatigue, and proactive threat detection in MS 
Defender.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/ms-defender-connectors\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/ms-defender-connectors\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/ms-defender-connectors\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Integrations &amp; connectors\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/integrations-connectors\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"ANY.RUN &#038; MS Defender: Enrich Alerts Faster, Stop Attacks Early\u00a0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"caption\":\"ANY.RUN\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"ANY.RUN & MS Defender: Enrich Alerts Faster, Stop Attacks Early\u00a0 - ANY.RUN&#039;s Cybersecurity Blog","description":"See how your SOC can achieve faster incident resolution, reduced alert fatigue, and proactive threat detection in MS Defender.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/ms-defender-connectors\/","twitter_misc":{"Written by":"ANY.RUN","Est. 
reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/ms-defender-connectors\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/ms-defender-connectors\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"ANY.RUN &#038; MS Defender: Enrich Alerts Faster, Stop Attacks Early\u00a0","datePublished":"2025-09-30T12:04:04+00:00","dateModified":"2026-01-22T11:21:20+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/ms-defender-connectors\/"},"wordCount":874,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","features","release"],"articleSection":["Integrations &amp; connectors"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/ms-defender-connectors\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/ms-defender-connectors\/","url":"https:\/\/any.run\/cybersecurity-blog\/ms-defender-connectors\/","name":"ANY.RUN & MS Defender: Enrich Alerts Faster, Stop Attacks Early\u00a0 - ANY.RUN&#039;s Cybersecurity Blog","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2025-09-30T12:04:04+00:00","dateModified":"2026-01-22T11:21:20+00:00","description":"See how your SOC can achieve faster incident resolution, reduced alert fatigue, and proactive threat detection in MS 
Defender.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/ms-defender-connectors\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/ms-defender-connectors\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/ms-defender-connectors\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Integrations &amp; connectors","item":"https:\/\/any.run\/cybersecurity-blog\/category\/integrations-connectors\/"},{"@type":"ListItem","position":3,"name":"ANY.RUN &#038; MS Defender: Enrich Alerts Faster, Stop Attacks Early\u00a0"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/16140"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=16140"}],"version-history":[{"count":17,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/16140\/revisions"}],"predecessor-version":[{"id":17969,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/16140\/revisions\/17969"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/16
148"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=16140"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=16140"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=16140"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}