{"id":16218,"date":"2025-10-02T11:37:36","date_gmt":"2025-10-02T11:37:36","guid":{"rendered":"\/cybersecurity-blog\/?p=16218"},"modified":"2026-02-03T14:52:22","modified_gmt":"2026-02-03T14:52:22","slug":"release-notes-september-2025","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/release-notes-september-2025\/","title":{"rendered":"Release Notes: Palo Alto Networks, Microsoft, IBM Connectors and 2,300+ Suricata Rules"},"content":{"rendered":"\n<p>September brought big updates to <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_sept_25&amp;utm_term=021025&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a>. From&nbsp;<strong>four new connectors<\/strong>&nbsp;that plug our sandbox and threat intelligence straight into the world\u2019s top SIEM and SOAR platforms, to a&nbsp;<strong>redesigned <\/strong><a href=\"https:\/\/intelligence.any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_sept_25&amp;utm_term=021025&amp;utm_content=linktolookup\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Threat Intelligence Lookup home screen<\/strong><\/a>&nbsp;built for speed and simplicity, your SOC now works smarter and faster than ever. 
&nbsp;<\/p>\n\n\n\n<p>Add in&nbsp;<strong>99 fresh signatures, 11 new <a href=\"https:\/\/any.run\/cybersecurity-blog\/yara-rules-explained\/\" target=\"_blank\" rel=\"noreferrer noopener\">YARA<\/a> rules, and 2,322 <a href=\"https:\/\/any.run\/cybersecurity-blog\/detection-with-suricata-ids\/\" target=\"_blank\" rel=\"noreferrer noopener\">Suricata<\/a> rules<\/strong>, and you\u2019ve got sharper coverage against the latest ransomware, stealers, and phishing campaigns.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Product Updates&nbsp;<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Expanding the Ecosystem: New Integrations and Connectors for Top SIEMs &amp; SOARs&nbsp;<\/h3>\n\n\n\n<p>We continue to grow the ANY.RUN ecosystem so security teams can work inside familiar platforms while gaining richer, faster visibility into threats. The new integrations with&nbsp;<strong>IBM QRadar SIEM, Palo Alto Networks Cortex XSOAR, Microsoft Sentinel, and Microsoft Defender<\/strong>&nbsp;bring sandboxing and real-time IOCs directly into your daily workflows.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"585\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image-3-1024x585.png\" alt=\"\" class=\"wp-image-15838\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image-3-1024x585.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image-3-300x171.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image-3-768x439.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image-3-370x211.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image-3-270x154.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image-3-740x423.png 740w, 
https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image-3.png 1536w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>File analysis with ANY.RUN\u2019s Interactive Sandbox inside Cortex XSOAR<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>Instead of switching platforms or manually enriching alerts, analysts can now automate malware analysis, correlate logs with high-fidelity IOCs, and prioritize incidents faster, all without disrupting existing workflows.&nbsp;<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li><a href=\"https:\/\/any.run\/cybersecurity-blog\/ibm-siem-integration\/\" target=\"_blank\" rel=\"noreferrer noopener\">IBM QRadar SIEM<\/a>: Enrich log and event correlation with <a href=\"https:\/\/any.run\/cybersecurity-blog\/enrich-iocs-with-threat-intelligence\/\" target=\"_blank\" rel=\"noreferrer noopener\">real-time IOCs<\/a> from ANY.RUN\u2019s <a href=\"https:\/\/intelligence.any.run\/feeds\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=funklocker_analysis&amp;utm_term=011025&amp;utm_content=linktotifeeds\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Feeds<\/a>. 
Analysts can pivot from QRadar alerts straight into sandbox context for faster triage.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li><a href=\"https:\/\/any.run\/cybersecurity-blog\/palo-alto-networks-cortex-xsoar-integration\/\" target=\"_blank\" rel=\"noreferrer noopener\">Palo Alto Networks Cortex XSOAR<\/a>: Build automated playbooks that include sandbox analysis enrichment, IOCs from TI Feeds, and <a href=\"https:\/\/any.run\/threat-intelligence-lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_sept_25&amp;utm_term=021025&amp;utm_content=linktolookuplanding\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence lookup<\/a> without leaving XSOAR.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li><a href=\"https:\/\/any.run\/cybersecurity-blog\/malware-sandbox-ms-sentinel-connector\/\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Sentinel<\/a>: Detonate suspicious files and links directly from Sentinel alerts and get enriched verdicts and IOCs fed back automatically.&nbsp;<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"535\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image3-4-1024x535.png\" alt=\"\" class=\"wp-image-16144\" style=\"width:650px;height:auto\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image3-4-1024x535.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image3-4-300x157.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image3-4-768x401.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image3-4-1536x802.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image3-4-2048x1070.png 2048w, 
https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image3-4-370x193.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image3-4-270x141.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/image3-4-740x387.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>An alert generated in MS Defender based on an indicator from TI Feeds<\/em><\/figcaption><\/figure><\/div>\n\n\n<ol start=\"4\" class=\"wp-block-list\">\n<li><a href=\"https:\/\/any.run\/cybersecurity-blog\/ms-defender-connectors\/\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Defender<\/a>: Enhance endpoint alerts with <a href=\"https:\/\/any.run\/features\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_sept_25&amp;utm_term=021025&amp;utm_content=linktosandboxlanding\" target=\"_blank\" rel=\"noreferrer noopener\">Interactive Sandbox<\/a> insights and live Threat Intelligence Feeds, reducing manual enrichment and improving accuracy.&nbsp;<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">What Security Teams Achieve with ANY.RUN Connectors&nbsp;<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Early Detection<\/strong>: Spot threats earlier in the kill chain with&nbsp;<strong>live IOCs from sandbox detonations<\/strong>, reducing breach risk by up to&nbsp;<strong>42% compared to static feeds<\/strong>.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Reduced MTTR<\/strong>: Automating enrichment and triage cuts investigation time by&nbsp;<strong>up to 21 minutes per incident<\/strong>, accelerating containment and remediation.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Lower Alert Fatigue<\/strong>: With nearly&nbsp;<strong>100% malicious IOCs<\/strong>, analysts waste less time chasing false positives, freeing focus for true high-risk alerts.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Higher Productivity<\/strong>: <a href=\"https:\/\/any.run\/cybersecurity-blog\/efficient-soc-for-fast-response\/\" target=\"_blank\" rel=\"noreferrer noopener\">SOC efficiency<\/a> improves by up to&nbsp;<strong>3x<\/strong>&nbsp;as routine checks and manual correlation are eliminated.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Connectors use API and STIX\/TAXII standards, ensuring smooth deployment with&nbsp;no 
need for workflow redesign or extra infrastructure. By leveraging existing SIEM and SOAR platforms, teams avoid duplicate tools and infrastructure, reducing total cost of ownership (TCO).&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Updated Threat Intelligence Home Screen&nbsp;<\/h3>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"559\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/10\/image2-1024x559.png\" alt=\"\" class=\"wp-image-16226\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/10\/image2-1024x559.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/10\/image2-300x164.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/10\/image2-768x419.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/10\/image2-1536x838.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/10\/image2-2048x1117.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/10\/image2-370x202.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/10\/image2-270x147.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/10\/image2-740x404.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>TI Lookup\u2019s updated home screen<\/em><\/figcaption><\/figure><\/div>\n\n\n<p>We\u2019ve redesigned the&nbsp;<a href=\"https:\/\/intelligence.any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_sept_25&amp;utm_term=021025&amp;utm_content=linktolookup\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Threat Intelligence (TI) Lookup home screen<\/strong><\/a>&nbsp;to make it more user-friendly and accessible for analysts of all levels.&nbsp;<\/p>\n\n\n\n<p>The new layout now includes:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Explore &amp; Learn section<\/strong>: Quick access to daily top threats, public requests from the community, and expert-curated TI reports.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Beginner-friendly video tutorial<\/strong>: A short guide to help new users start searching, enriching, and analyzing IOCs right away.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Streamlined navigation<\/strong>: Cleaner interface for running lookups, <a 
href=\"https:\/\/any.run\/cybersecurity-blog\/yara-rules-explained\/\" target=\"_blank\" rel=\"noreferrer noopener\">YARA searches<\/a>, or custom requests with advanced logic.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>With these improvements, both new and experienced analysts can get to actionable threat intelligence faster, learn from the community, and explore the latest attack trends all in one place.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"595\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/10\/image3-1024x595.png\" alt=\"\" class=\"wp-image-16228\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/10\/image3-1024x595.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/10\/image3-300x174.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/10\/image3-768x446.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/10\/image3-1536x893.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/10\/image3-370x215.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/10\/image3-270x157.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/10\/image3-740x430.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/10\/image3.png 1825w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>The new UI of the TI Feeds page simplifies navigation<\/em><\/figcaption><\/figure><\/div>\n\n\n<p>Along with the TI home screen, we\u2019ve also updated the <a href=\"https:\/\/intelligence.any.run\/feeds\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=funklocker_analysis&amp;utm_term=011025&amp;utm_content=linktotifeeds\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Feeds page<\/a>. 
Now you can easily request a trial, download a sample, or set up an integration with your security systems in just a couple of clicks. &nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Threat Coverage Update&nbsp;<\/h2>\n\n\n\n<p>In September, our team continued to strengthen detection capabilities so SOCs can stay ahead of new and evolving threats:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>99<\/strong>&nbsp;new signatures were added to improve coverage across malware families and techniques.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>11<\/strong>&nbsp;new YARA rules went live in production, enhancing accuracy and hunting capabilities.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>2,322<\/strong>&nbsp;new Suricata rules were deployed, expanding detection for network-based attacks.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>These updates mean analysts gain faster, more confident verdicts in the sandbox and can enrich SIEM, SOAR, and IDS workflows with fresh, actionable IOCs.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">New Behavior Signatures&nbsp;<\/h3>\n\n\n\n<p>This month\u2019s signatures help analysts detect obfuscation, destructive activity, and persistence earlier in the attack chain. 
The new coverage spans <a href=\"https:\/\/any.run\/malware-trends\/ransomware\/\" target=\"_blank\" rel=\"noreferrer noopener\">ransomware<\/a>, <a href=\"https:\/\/any.run\/malware-trends\/loader\/\" target=\"_blank\" rel=\"noreferrer noopener\">loaders<\/a>, <a href=\"https:\/\/any.run\/malware-trends\/stealer\" target=\"_blank\" rel=\"noreferrer noopener\">stealers<\/a>, and <a href=\"https:\/\/any.run\/malware-trends\/rat\/\" target=\"_blank\" rel=\"noreferrer noopener\">RATs<\/a>, alongside mutex detections of legitimate tools abused by attackers.&nbsp;<\/p>\n\n\n\n<p>Highlighted families and techniques include:&nbsp;<\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-grid wp-container-core-group-is-layout-1 wp-block-group-is-layout-grid\">\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/6ee37487-7edd-4582-9fb1-f62aac34d6db\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=funklocker_analysis&amp;utm_term=011025&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Kekw<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/e663b39d-859e-4b09-b618-80846108e392\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=funklocker_analysis&amp;utm_term=011025&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Odveta<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/f440d180-7932-4858-b2ae-c7ae657e9f22\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=funklocker_analysis&amp;utm_term=011025&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Ryuk<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a 
href=\"https:\/\/app.any.run\/tasks\/78c79f5c-1fd9-44d6-8c56-58e7f5951ea7\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=funklocker_analysis&amp;utm_term=011025&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">C77L<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/f7c08cda-0f95-4e90-bd6f-12a911628f34\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=funklocker_analysis&amp;utm_term=011025&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Nevada<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/84f884fa-1be6-40ec-870a-ac96196c2fbd\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=funklocker_analysis&amp;utm_term=011025&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Lorenz<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list wp-container-content-1\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/bb6fa777-9288-4aeb-a99b-e92664e34912\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=funklocker_analysis&amp;utm_term=011025&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Koxic<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/c788334a-fa3d-4fb6-938e-f24e156cce1e\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=funklocker_analysis&amp;utm_term=011025&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Exten<\/a>&nbsp;(mutex &amp; behavior)&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list wp-container-content-2\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/c8f618ad-cf5c-4fa4-9857-93e161d36c52\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=funklocker_analysis&amp;utm_term=011025&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">LockBit 
4.0<\/a>&nbsp;\/&nbsp;<a href=\"https:\/\/app.any.run\/tasks\/2bf1c13f-4f96-4069-a3ec-804d8cb2c81a\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=funklocker_analysis&amp;utm_term=011025&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">LockBit 5.0<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/5a01f571-5a61-4b19-8397-3318506d30cf\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=funklocker_analysis&amp;utm_term=011025&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Nightsky<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/c14a920c-0a0a-4f39-b9df-addf834eb12e\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=funklocker_analysis&amp;utm_term=011025&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Lamia<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/75814bb7-66e0-4ad1-b7ee-66a87c358b13\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=funklocker_analysis&amp;utm_term=011025&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Promptlock<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/a6fca38d-0580-4c39-91aa-6d3b974218f4\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=funklocker_analysis&amp;utm_term=011025&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Aiwaifu<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/7e2d230b-7979-4c67-8389-4dac232dba42\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=funklocker_analysis&amp;utm_term=011025&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Notdoor<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul 
class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/ae852ce8-8769-43ff-9acf-bfcfa03db791\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=funklocker_analysis&amp;utm_term=011025&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Valleyrat<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/21c9dec7-26d2-45f1-9384-0336f88ad2c9\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=funklocker_analysis&amp;utm_term=011025&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Cocoloader<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/66e9a3c0-8319-4bb4-8117-3447ec06c7ba\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=funklocker_analysis&amp;utm_term=011025&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Yibackdoor<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/6af3db42-e756-44ba-b066-85d94ddeee6e\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=funklocker_analysis&amp;utm_term=011025&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Chinotto<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/71708f4c-ed23-41f3-bf6e-31d870fb3996\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=funklocker_analysis&amp;utm_term=011025&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Jackpot (MedusaLocker)<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/747396af-3452-48ee-8099-98bddb628787\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=funklocker_analysis&amp;utm_term=011025&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Darkside 
PS<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/85abf8ab-283d-4921-b19b-07e4fd9bb88f\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=funklocker_analysis&amp;utm_term=011025&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">MostereRAT<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/7a6a4427-6c6d-47b8-970f-1bd9a88f62ac\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=funklocker_analysis&amp;utm_term=011025&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Raton<\/a>&nbsp;<\/li>\n<\/ul>\n<\/div><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">YARA Rule Updates&nbsp;<\/h3>\n\n\n\n<p>In September, we introduced&nbsp;<strong>11 new YARA rules<\/strong>&nbsp;into production to help SOC teams detect emerging malware families, improve hunting accuracy, and broaden coverage across RATs, stealers, loaders, and C2 infrastructure. 
These rules give analysts faster verdicts and deeper visibility during investigations.&nbsp;<\/p>\n\n\n\n<p>Key additions include:&nbsp;<\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-grid wp-container-core-group-is-layout-2 wp-block-group-is-layout-grid\">\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/898b9870-2641-4765-a9d3-dacdbde18c2b\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=funklocker_analysis&amp;utm_term=011025&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">TrustViewer<\/a>&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/5072e58c-818f-4953-b3ad-2026b8fca7d0\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=funklocker_analysis&amp;utm_term=011025&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Millenium<\/a>&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/7f4ffc6f-b4e5-413a-806a-1d8a382dc5ac\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=funklocker_analysis&amp;utm_term=011025&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Remote Master<\/a>&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/2d3b2fa4-d79d-42d3-b7fe-a12c324b1c8c\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=funklocker_analysis&amp;utm_term=011025&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">BadJoke<\/a>&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/26053535-5eba-45ae-ac46-c31a95e824d5\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=funklocker_analysis&amp;utm_term=011025&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer 
noopener\">NightshadeC2<\/a>&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/8ac1a3e0-772d-4224-9e50-72eb45307905\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=funklocker_analysis&amp;utm_term=011025&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">GravityRAT<\/a>&nbsp; &nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/651be493-a49a-46c7-b22a-15b6679791b0\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=funklocker_analysis&amp;utm_term=011025&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Sindoor<\/a> &nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/94b48631-2cb4-4e9c-bd54-9bcf1f1c503e\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=funklocker_analysis&amp;utm_term=011025&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">BabylonRAT<\/a>&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/ea369295-963c-4d9c-83b9-7d3b7bee0197\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=funklocker_analysis&amp;utm_term=011025&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Sutealer<\/a>&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/373fd5b9-b6a4-46bf-8280-e09688b607d3\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=funklocker_analysis&amp;utm_term=011025&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Akira Stealer<\/a>&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a 
href=\"https:\/\/app.any.run\/tasks\/bb84c627-8873-4ed8-8aea-af4bc5c2ce66\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=funklocker_analysis&amp;utm_term=011025&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">ZynorRAT<\/a>&nbsp;&nbsp;<\/li>\n<\/ul>\n<\/div><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">New Suricata Rules&nbsp;<\/h3>\n\n\n\n<p>In September, we added&nbsp;<strong>2,322 new Suricata rules<\/strong>&nbsp;to strengthen network-based detections against phishing, exfiltration, and evasive malware activity. These rules help SOCs identify threats earlier at the network layer and reduce investigation blind spots.&nbsp;<\/p>\n\n\n\n<p>Key highlights include:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Google Auth Phishing Activity (sid:85003912)<\/strong>: Detects phishing attempts based on mismatched domains and authorization URLs.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Generic Phishkit Exfiltration Attempt (sid:85003960):<\/strong>&nbsp;Flags HTTP requests from newly observed phishing frameworks, potentially PhaaS-based.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Tycoon 2FA Domain Generation Algorithms (sids: 85004041\u201385004047): <\/strong>Identifies DGA patterns across multiple TLD zones used by Tycoon 2FA infrastructure.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&nbsp;<\/h2>\n\n\n\n<p><a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_sept_25&amp;utm_term=021025&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a> supports more than&nbsp;15,000 organizations&nbsp;worldwide across industries like banking, manufacturing, telecom, healthcare, retail, and technology, helping them build faster, smarter, and more resilient cybersecurity operations.&nbsp;<\/p>\n\n\n\n<p>Our&nbsp;cloud-based <a 
href=\"https:\/\/any.run\/features\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_sept_25&amp;utm_term=021025&amp;utm_content=linktosandboxlanding\" target=\"_blank\" rel=\"noreferrer noopener\">Interactive Sandbox<\/a>&nbsp;enables teams to safely analyze threats targeting Windows, Linux, and Android systems in under&nbsp;40 seconds, with no complex infrastructure required. <\/p>\n\n\n\n<p>Combined with&nbsp;<a href=\"https:\/\/any.run\/threat-intelligence-lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_sept_25&amp;utm_term=021025&amp;utm_content=linktolookuplanding\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Lookup<\/a> and <a href=\"https:\/\/intelligence.any.run\/feeds\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=funklocker_analysis&amp;utm_term=011025&amp;utm_content=linktotifeeds\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Feeds<\/a>, ANY.RUN empowers SOC teams to accelerate investigations, cut risks, and improve efficiency at every stage of the threat detection workflow.&nbsp;<\/p>\n\n\n\n<p>Ready to see the difference?&nbsp; &nbsp;&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/enterprise\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=release_notes_sept_25&amp;utm_term=021025&amp;utm_content=linktoenterprisepage#contact-sales\" target=\"_blank\" rel=\"noreferrer noopener\">Start your 14-day trial of ANY.RUN today \u2192<\/a>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>September brought big updates to ANY.RUN. From&nbsp;four new connectors&nbsp;that plug our sandbox and threat intelligence straight into the world\u2019s top SIEM and SOAR platforms, to a&nbsp;redesigned Threat Intelligence Lookup home screen&nbsp;built for speed and simplicity, your SOC now works smarter and faster than ever. 
&nbsp; Add in&nbsp;99 fresh signatures, 11 new YARA rules, and 2,322 [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":15741,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[57,10,55,56],"class_list":["post-16218","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-service-updates","tag-anyrun","tag-cybersecurity","tag-release","tag-update"],"acf":[],"yoast_head_json":{"title":"Release Notes: Palo Alto Networks, Microsoft, IBM Connectors and 2,300+ Suricata Rules - ANY.RUN&#039;s Cybersecurity Blog","description":"Discover the key updates from ANY.RUN in September 2025, including new connectors for SIEM & SOAR platforms, detection rules, and more.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/release-notes-september-2025\/","twitter_misc":{"Written by":"ANY.RUN","Est. 
reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-september-2025\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-september-2025\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"Release Notes: Palo Alto Networks, Microsoft, IBM Connectors and 2,300+ Suricata Rules","datePublished":"2025-10-02T11:37:36+00:00","dateModified":"2026-02-03T14:52:22+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-september-2025\/"},"wordCount":1148,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","release","update"],"articleSection":["Service Updates"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/release-notes-september-2025\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-september-2025\/","url":"https:\/\/any.run\/cybersecurity-blog\/release-notes-september-2025\/","name":"Release Notes: Palo Alto Networks, Microsoft, IBM Connectors and 2,300+ Suricata Rules - ANY.RUN&#039;s Cybersecurity Blog","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2025-10-02T11:37:36+00:00","dateModified":"2026-02-03T14:52:22+00:00","description":"Discover the key updates from ANY.RUN in September 2025, including new connectors for SIEM & SOAR platforms, detection rules, and 
more.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-september-2025\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/release-notes-september-2025\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/release-notes-september-2025\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Service Updates","item":"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/"},{"@type":"ListItem","position":3,"name":"Release Notes: Palo Alto Networks, Microsoft, IBM Connectors and 2,300+ Suricata Rules"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/16218"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=16218"}],"version-history":[{"count":18,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/16218\/revisions"}],"predecessor-version":[{"id":18311,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/16218\/revisions\/18311"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/15
741"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=16218"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=16218"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=16218"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}