{"id":17759,"date":"2026-03-11T05:48:56","date_gmt":"2026-03-11T05:48:56","guid":{"rendered":"\/cybersecurity-blog\/?p=17759"},"modified":"2026-03-11T14:00:31","modified_gmt":"2026-03-11T14:00:31","slug":"anyrun-tines-integration","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/","title":{"rendered":"ANY.RUN\u00a0&amp;\u00a0Tines: Scale SOC and Meet SLAs with Intelligent Workflows"},"content":{"rendered":"\n<p>In busy SOC environments, every minute spent waiting for threat validation slows containment and impacts response metrics. The&nbsp;<a href=\"https:\/\/www.tines.com\/library\/stories\/1331102\/?name=analyze-files-in-any-run-sandbox\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN integration<\/a>&nbsp;with <a href=\"https:\/\/www.tines.com\/\">Tines<\/a> brings trusted verdicts and behavioral intelligence directly into the workflows you build in Tines. You can validate alerts, enrich incidents, and respond faster without switching tools, helping you reduce mean time to respond (MTTR) and keep investigations moving.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">ANY.RUN&nbsp;X&nbsp;Tines Integration:&nbsp;Faster Triage&nbsp;with&nbsp;Behavior-Driven Context&nbsp;<\/h2>\n\n\n\n<p>The new integration lets your SOC team pull actionable verdicts and intel from <a href=\"https:\/\/any.run\/features\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Tines-integration&amp;utm_term=150126&amp;utm_content=linktosandboxlanding\" target=\"_blank\" rel=\"noreferrer noopener\">Interactive Sandbox<\/a> and <a href=\"https:\/\/any.run\/threat-intelligence-lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Tines-integration&amp;utm_term=150126&amp;utm_content=linktotilookuplanding\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Lookup<\/a> straight into the workflows built in Tines. Instead of jumping between different tabs to confirm behavior or collect indicators, you can validate alerts, prioritize critical events, and enrich incidents with behavioral intelligence\u2014right within Tines.<\/p>\n\n\n\n<p>It&nbsp;is available to&nbsp;all ANY.RUN customers with API access, including&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/anyrun-enterprise-plan\/\" target=\"_blank\" rel=\"noreferrer noopener\">Enterprise Sandbox<\/a>,&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-lookup-new-plan\/\" target=\"_blank\" rel=\"noreferrer noopener\">TI Lookup Premium<\/a>, and&nbsp;<a href=\"https:\/\/any.run\/enterprise\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Tines-integration&amp;utm_term=150126&amp;utm_content=linktoenterpriseform#contact-sales\" target=\"_blank\" rel=\"noreferrer noopener\">trial users<\/a>.&nbsp;You can run everything through the Tines workflow platform or make direct API calls.&nbsp;<\/p>\n\n\n\n<p>The goal is simple: bring fast detonation results and fresh intelligence right into your workflow, so investigations keep moving without extra steps slowing you down.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"581\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image-3-1024x581.png\" alt=\"\" class=\"wp-image-17767\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image-3-1024x581.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image-3-300x170.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image-3-768x436.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image-3-1536x871.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image-3-2048x1162.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image-3-370x210.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image-3-270x153.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image-3-740x420.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Tines story for automating URL analysis with ANY.RUN<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<h2 class=\"wp-block-heading\">The Difference&nbsp;You\u2019ll&nbsp;See in Your SOC&nbsp;<\/h2>\n\n\n\n<p>The integration affects several parts of the investigation workflow, improving both speed and decision quality:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Reduce mean time to respond (MTTR):&nbsp;<\/strong>Automate detonation and&nbsp;enrichment,&nbsp;so analysts get verdicts and&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/iocs-iobs-ioas-explained\/\" target=\"_blank\" rel=\"noreferrer noopener\">IOCs<\/a>&nbsp;within minutes, shortening investigation cycles and resolution times across the SOC.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Improve triage accuracy and cut false positives:&nbsp;<\/strong><a href=\"https:\/\/any.run\/cybersecurity-blog\/interactive-malware-sandbox\/\" target=\"_blank\" rel=\"noreferrer noopener\">Behavioral verification<\/a>&nbsp;from ANY.RUN delivers ground truth for detections, helping the team focus on real threats and reduce wasted effort.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Handle more incidents without adding&nbsp;headcount:&nbsp;<\/strong>Routine analysis and enrichment run automatically in Tines,&nbsp;maintaining&nbsp;coverage during alert spikes while freeing analysts for complex cases.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Meet SLAs consistently as an MSSP<\/strong>: Automated sandboxing and enrichment&nbsp;<a href=\"https:\/\/any.run\/mssp\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Tines-integration&amp;utm_term=150126&amp;utm_content=linktomssp\" target=\"_blank\" rel=\"noreferrer noopener\">help&nbsp;MSSPs<\/a>&nbsp;deliver fast, quality services, and scale response capacity without extra integration overhead.&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Combined, these improvements shorten detection\u2011to\u2011mitigation time&nbsp;from hours to minutes, lower analyst workload, and boost&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/soc-leaders-playbook-faster-mttr\/\" target=\"_blank\" rel=\"noreferrer noopener\">SOC throughput<\/a>.&nbsp;<\/p>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nSpeed up investigations inside Tines with ANY.RUN<br>Scale response <span class=\"highlight\">without adding headcount<\/span>\n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/any.run\/enterprise\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=Tines-integration&#038;utm_term=150126&#038;utm_content=linktoenterpriseform#contact-sales\" target=\"_blank\" rel=\"noopener\">\nContact us\u00a0\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<h2 class=\"wp-block-heading\">Interactive Malware Sandbox in Tines&nbsp;<\/h2>\n\n\n\n<p><strong>ANY.RUN\u2019s&nbsp;<\/strong><a href=\"https:\/\/www.tines.com\/library\/stories\/1331102\/?name=analyze-files-in-any-run-sandbox\" target=\"_blank\" rel=\"noreferrer noopener\">Interactive Sandbox&nbsp;integration with Tines<\/a>&nbsp;brings live, behavior\u2011based malware analysis into the workflows you build in Tines. Instead of relying on static detections or manual uploads, you receive real-time verdicts, IOCs, and behavioral data directly within your Tines workflows.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Capabilities&nbsp;<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Submit&nbsp;<a href=\"https:\/\/www.tines.com\/library\/stories\/1331102\/?name=analyze-files-in-any-run-sandbox\" target=\"_blank\" rel=\"noreferrer noopener\">suspicious files<\/a>&nbsp;or&nbsp;<a href=\"https:\/\/www.tines.com\/library\/stories\/1331101\/?name=analyze-urls-in-any-run-sandbox\" target=\"_blank\" rel=\"noreferrer noopener\">URLs<\/a>&nbsp;from any Tines story for automatic detonation and observation.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Retrieve verdicts, IOCs, and full HTML reports as structured outputs.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Reuse sandbox results across workflows or&nbsp;forward&nbsp;them to SIEM\/EDR platforms through API actions.&nbsp;<\/li>\n<\/ul>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"547\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image2-1-1024x547.png\" alt=\"\" class=\"wp-image-17768\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image2-1-1024x547.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image2-1-300x160.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image2-1-768x410.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image2-1-1536x821.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image2-1-2048x1094.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image2-1-370x198.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image2-1-270x144.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image2-1-740x395.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>ANY.RUN sandbox verdict for a URL shown in Tines, including malicious activity detection and extracted IOCs<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p><strong>Example:<\/strong>&nbsp;Suspicious&nbsp;email attachments can be automatically sent for sandbox analysis. The resulting verdict and IOCs flow back to Tines, which then&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/all-integrations-and-connectors\/\" target=\"_blank\" rel=\"noreferrer noopener\">updates your SIEM<\/a>&nbsp;or blocks the relevant indicators.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Benefits&nbsp;<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Faster validation:&nbsp;<\/strong>Confirm if a file or link is malicious before escalation.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Consistent triage:&nbsp;<\/strong>Every sample is processed with the same standard,&nbsp;eliminating&nbsp;delays or missed steps.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Actionable context:&nbsp;<\/strong>Behavioral data and network activity indicators feed directly into response actions.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Threat Intelligence Lookup in Tines&nbsp;<\/h2>\n\n\n\n<p><strong>ANY.RUN\u2019s&nbsp;<\/strong><a href=\"https:\/\/www.tines.com\/library\/stories\/1331005\/?name=look-up-threat-intelligence-data-in-any-run-and-notify-via-email\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Lookup&nbsp;integration with Tines<\/a>&nbsp;adds context\u2011rich&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/how-threat-intelligence-lookup-helps-enterprises\/\" target=\"_blank\" rel=\"noreferrer noopener\">intelligence<\/a>&nbsp;to automated processes. Each time a new IP, domain, or hash appears, you can check it against&nbsp;ANY.RUN\u2019s continuously updated database of recent malware activity to enrich your decisions.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Capabilities&nbsp;<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Automatically perform lookups for IOCs inside any Tines story.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Retrieve brief overviews or full JSON data with reputation,&nbsp;threat&nbsp;family, and activity history.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Combine Lookup results with internal data sources to refine correlation and playbook logic.&nbsp;<\/li>\n<\/ul>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"545\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image3-1-1024x545.png\" alt=\"\" class=\"wp-image-17769\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image3-1-1024x545.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image3-1-300x160.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image3-1-768x409.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image3-1-1536x817.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image3-1-2048x1090.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image3-1-370x197.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image3-1-270x144.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image3-1-740x394.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>TI Lookup results returned inside a Tines story, showing verdict, threat level, and IOC details<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p><strong>Example:<\/strong>&nbsp;When a newly observed IOC triggers an alert, Tines can automatically query&nbsp;<a href=\"https:\/\/any.run\/threat-intelligence-lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Tines-integration-with-ANY.RUN&amp;utm_term=150126&amp;utm_content=linktotilookuplanding\" target=\"_blank\" rel=\"noreferrer noopener\">TI&nbsp;Lookup<\/a>&nbsp;for reputation data and campaign context,&nbsp;helping analysts decide whether to escalate or suppress the event.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Benefits&nbsp;<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Higher detection fidelity:&nbsp;<\/strong>Real\u2011world sandbox intelligence helps distinguish live threats from noise.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Smarter prioritization:&nbsp;<\/strong>Know which IOCs are still active and which are already dormant.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Efficient workflow chaining:&nbsp;<\/strong>Lookup results are ready to power next\u2011step actions like blocking, reporting, or case validation.&nbsp;<\/li>\n<\/ul>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nStrengthen triage with IOC intelligence\u00a0\n\n<br>Retrieve <span class=\"highlight\">fresh data<\/span> from ANY.RUN for every\u00a0alert\n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/any.run\/enterprise\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=Tines-integration&#038;utm_term=150126&#038;utm_content=linktoenterpriseform#contact-sales\" target=\"_blank\" rel=\"noopener\">\nContact us\u00a0\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<h2 class=\"wp-block-heading\">How You Can&nbsp;Get Started&nbsp;in Minutes&nbsp;<\/h2>\n\n\n\n<p>ANY.RUN\u2019s integration with Tines includes ready\u2011to\u2011use automated workflows&nbsp;for file analysis, URL analysis, and TI&nbsp;Lookup queries.&nbsp;&nbsp;<\/p>\n\n\n\n<p>You can install it and start testing in just a few minutes, with no complex setup or custom scripting&nbsp;required.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.tines.com\/library\/stories\/1331102\/?name=analyze-files-in-any-run-sandbox\" target=\"_blank\" rel=\"noreferrer noopener\">Analyze files in ANY.RUN Sandbox \u2192<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.tines.com\/library\/stories\/1331101\/?name=analyze-urls-in-any-run-sandbox\" target=\"_blank\" rel=\"noreferrer noopener\">Analyze URLs in ANY.RUN Sandbox \u2192<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.tines.com\/library\/stories\/1331005\/?name=look-up-threat-intelligence-data-in-any-run-and-notify-via-email\" target=\"_blank\" rel=\"noreferrer noopener\">Look up threat intelligence data in ANY.RUN \u2192<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&nbsp;<\/h2>\n\n\n\n<p>ANY.RUN helps security teams understand threats faster and&nbsp;take action&nbsp;with confidence.&nbsp;&nbsp;<\/p>\n\n\n\n<p>The solution is trusted by over 500,000 security professionals and more than 15,000 organizations across sectors where speed and accuracy define successful response.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/features\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Tines-integration&amp;utm_term=150126&amp;utm_content=linktosandboxlanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN\u2019s Interactive Sandbox<\/a>&nbsp;lets&nbsp;teams safely run suspicious files and links, watch real behavior unfold, and confirm threats before they spread. Paired with&nbsp;<a href=\"https:\/\/any.run\/threat-intelligence-lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Tines-integration&amp;utm_term=150126&amp;utm_content=linktotilookuplanding\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Lookup<\/a>&nbsp;and&nbsp;<a href=\"https:\/\/any.run\/threat-intelligence-feeds\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Tines-integration&amp;utm_term=150126&amp;utm_content=linktotifeedslanding\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Feeds<\/a>, it delivers the context needed to sort alerts, cut uncertainty, and stop advanced attacks earlier in the response cycle.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/enterprise\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Tines-integration&amp;utm_term=150126&amp;utm_content=linktoenterpriseform#contact-sales\" target=\"_blank\" rel=\"noreferrer noopener\">Request\u00a0access to ANY.RUN&#8217;s solutions \u2192<\/a>\u00a0<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">FAQ&nbsp;<\/h2>\n\n\n\n<div class=\"schema-faq wp-block-yoast-faq-block\"><div class=\"schema-faq-section\" id=\"faq-question-1768469408455\"><strong class=\"schema-faq-question\"><strong>What problems does the ANY.RUN \u00d7\u00a0Tines\u00a0integration solve?<\/strong>\u00a0<br\/><\/strong> <p class=\"schema-faq-answer\">It removes the need to switch between tools to\u00a0validate\u00a0alerts. Sandbox results and TI Lookup context arrive directly inside your Tines stories, helping your team move investigations forward without stopping for manual checks.\u00a0<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1768469419235\"><strong class=\"schema-faq-question\"><strong>What does ANY.RUN return to Tines after analysis?<\/strong><br\/><\/strong> <p class=\"schema-faq-answer\">You get verdicts, behavior summaries, IOCs, network activity, risk scores, and optional full HTML reports; all as structured outputs that Tines can use in later steps.\u00a0<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1768469427840\"><strong class=\"schema-faq-question\"><strong>How fast do results come back?<\/strong><br\/><\/strong> <p class=\"schema-faq-answer\">Most verdicts return within minutes.\u00a0ANY.RUN reveals\u00a0the majority of\u00a0malicious behavior in the first 60 seconds, so playbooks\u00a0don\u2019t\u00a0stall waiting for enrichment.\u00a0<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1768469439294\"><strong class=\"schema-faq-question\"><strong>Is\u00a0the integration\u00a0available for trial users?<\/strong>\u00a0<br\/><\/strong> <p class=\"schema-faq-answer\">Yes. Anyone with ANY.RUN API access,\u00a0including trial users,\u00a0can use the integration.\u00a0<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1768469445908\"><strong class=\"schema-faq-question\"><strong>Will sandbox detonations slow down my playbooks?<\/strong>\u00a0<br\/><\/strong> <p class=\"schema-faq-answer\">No. Detonations run in parallel on ANY.RUN\u2019s side, and Tines continues the story when the result is ready. Most verdicts return within minutes.\u00a0<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1768469447664\"><strong class=\"schema-faq-question\"><strong>Can I use the output to update SIEM or EDR tools?<\/strong>\u00a0<br\/><\/strong> <p class=\"schema-faq-answer\">Yes. You can use Tines to pass ANY.RUN results to your existing systems.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1768469460095\"><strong class=\"schema-faq-question\"><strong>Does the integration support high-volume alerting?<\/strong>\u00a0<br\/><\/strong> <p class=\"schema-faq-answer\">Yes.\u00a0It\u2019s\u00a0built to run reliably during spikes, so routine detonations and lookups continue without interruption.\u00a0<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1768469463265\"><strong class=\"schema-faq-question\"><strong>Can I create custom workflows with the integration?<\/strong>\u00a0<br\/><\/strong> <p class=\"schema-faq-answer\">Absolutely. The prebuilt stories are only a starting point;\u00a0you can adapt them to match your escalation rules, correlation logic, or existing playbooks.\u00a0<\/p> <\/div> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>In busy SOC environments, every minute spent waiting for threat validation slows containment and impacts response metrics. The&nbsp;ANY.RUN integration&nbsp;with Tines brings trusted verdicts and behavioral intelligence directly into the workflows you build in Tines. You can validate alerts, enrich incidents, and respond faster without switching tools, helping you reduce mean time to respond (MTTR) and [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":17762,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[81],"tags":[57,10,34],"class_list":["post-17759","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-integrations-connectors","tag-anyrun","tag-cybersecurity","tag-malware-analysis"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Automating SOC with ANY.RUN and Tines<\/title>\n<meta name=\"description\" content=\"Learn how the ANY.RUN and Tines automate SOC triage with sandbox to reduce MTTR and improve response.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/\"},\"author\":{\"name\":\"ANY.RUN\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"ANY.RUN\u00a0&amp;\u00a0Tines: Scale SOC and Meet SLAs with Intelligent Workflows\",\"datePublished\":\"2026-03-11T05:48:56+00:00\",\"dateModified\":\"2026-03-11T14:00:31+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/\"},\"wordCount\":1264,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"malware analysis\"],\"articleSection\":[\"Integrations &amp; connectors\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#respond\"]}]},{\"@type\":[\"WebPage\",\"FAQPage\"],\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/\",\"name\":\"Automating SOC with ANY.RUN and Tines\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2026-03-11T05:48:56+00:00\",\"dateModified\":\"2026-03-11T14:00:31+00:00\",\"description\":\"Learn how the ANY.RUN and Tines automate SOC triage with sandbox to reduce MTTR and improve response.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#breadcrumb\"},\"mainEntity\":[{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469408455\"},{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469419235\"},{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469427840\"},{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469439294\"},{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469445908\"},{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469447664\"},{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469460095\"},{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469463265\"}],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Integrations &amp; connectors\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/integrations-connectors\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"ANY.RUN\u00a0&amp;\u00a0Tines: Scale SOC and Meet SLAs with Intelligent Workflows\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"caption\":\"ANY.RUN\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469408455\",\"position\":1,\"url\":\"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469408455\",\"name\":\"What problems does the ANY.RUN \u00d7\u00a0Tines\u00a0integration solve?\u00a0\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"It removes the need to switch between tools to\u00a0validate\u00a0alerts. Sandbox results and TI Lookup context arrive directly inside your Tines stories, helping your team move investigations forward without stopping for manual checks.\u00a0\",\"inLanguage\":\"en-US\"},\"inLanguage\":\"en-US\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469419235\",\"position\":2,\"url\":\"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469419235\",\"name\":\"What does ANY.RUN return to Tines after analysis?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"You get verdicts, behavior summaries, IOCs, network activity, risk scores, and optional full HTML reports; all as structured outputs that Tines can use in later steps.\u00a0\",\"inLanguage\":\"en-US\"},\"inLanguage\":\"en-US\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469427840\",\"position\":3,\"url\":\"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469427840\",\"name\":\"How fast do results come back?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Most verdicts return within minutes.\u00a0ANY.RUN reveals\u00a0the majority of\u00a0malicious behavior in the first 60 seconds, so playbooks\u00a0don\u2019t\u00a0stall waiting for enrichment.\u00a0\",\"inLanguage\":\"en-US\"},\"inLanguage\":\"en-US\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469439294\",\"position\":4,\"url\":\"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469439294\",\"name\":\"Is\u00a0the integration\u00a0available for trial users?\u00a0\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Yes. Anyone with ANY.RUN API access,\u00a0including trial users,\u00a0can use the integration.\u00a0\",\"inLanguage\":\"en-US\"},\"inLanguage\":\"en-US\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469445908\",\"position\":5,\"url\":\"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469445908\",\"name\":\"Will sandbox detonations slow down my playbooks?\u00a0\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"No. Detonations run in parallel on ANY.RUN\u2019s side, and Tines continues the story when the result is ready. Most verdicts return within minutes.\u00a0\",\"inLanguage\":\"en-US\"},\"inLanguage\":\"en-US\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469447664\",\"position\":6,\"url\":\"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469447664\",\"name\":\"Can I use the output to update SIEM or EDR tools?\u00a0\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Yes. You can use Tines to pass ANY.RUN results to your existing systems.\",\"inLanguage\":\"en-US\"},\"inLanguage\":\"en-US\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469460095\",\"position\":7,\"url\":\"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469460095\",\"name\":\"Does the integration support high-volume alerting?\u00a0\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Yes.\u00a0It\u2019s\u00a0built to run reliably during spikes, so routine detonations and lookups continue without interruption.\u00a0\",\"inLanguage\":\"en-US\"},\"inLanguage\":\"en-US\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469463265\",\"position\":8,\"url\":\"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469463265\",\"name\":\"Can I create custom workflows with the integration?\u00a0\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Absolutely. The prebuilt stories are only a starting point;\u00a0you can adapt them to match your escalation rules, correlation logic, or existing playbooks.\u00a0\",\"inLanguage\":\"en-US\"},\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Automating SOC with ANY.RUN and Tines","description":"Learn how the ANY.RUN and Tines automate SOC triage with sandbox to reduce MTTR and improve response.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/","twitter_misc":{"Written by":"ANY.RUN","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"ANY.RUN\u00a0&amp;\u00a0Tines: Scale SOC and Meet SLAs with Intelligent Workflows","datePublished":"2026-03-11T05:48:56+00:00","dateModified":"2026-03-11T14:00:31+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/"},"wordCount":1264,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","malware analysis"],"articleSection":["Integrations &amp; connectors"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#respond"]}]},{"@type":["WebPage","FAQPage"],"@id":"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/","url":"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/","name":"Automating SOC with ANY.RUN and Tines","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2026-03-11T05:48:56+00:00","dateModified":"2026-03-11T14:00:31+00:00","description":"Learn how the ANY.RUN and Tines automate SOC triage with sandbox to reduce MTTR and improve response.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#breadcrumb"},"mainEntity":[{"@id":"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469408455"},{"@id":"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469419235"},{"@id":"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469427840"},{"@id":"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469439294"},{"@id":"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469445908"},{"@id":"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469447664"},{"@id":"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469460095"},{"@id":"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469463265"}],"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Integrations &amp; connectors","item":"https:\/\/any.run\/cybersecurity-blog\/category\/integrations-connectors\/"},{"@type":"ListItem","position":3,"name":"ANY.RUN\u00a0&amp;\u00a0Tines: Scale SOC and Meet SLAs with Intelligent Workflows"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"},{"@type":"Question","@id":"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469408455","position":1,"url":"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469408455","name":"What problems does the ANY.RUN \u00d7\u00a0Tines\u00a0integration solve?\u00a0","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"It removes the need to switch between tools to\u00a0validate\u00a0alerts. Sandbox results and TI Lookup context arrive directly inside your Tines stories, helping your team move investigations forward without stopping for manual checks.\u00a0","inLanguage":"en-US"},"inLanguage":"en-US"},{"@type":"Question","@id":"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469419235","position":2,"url":"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469419235","name":"What does ANY.RUN return to Tines after analysis?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"You get verdicts, behavior summaries, IOCs, network activity, risk scores, and optional full HTML reports; all as structured outputs that Tines can use in later steps.\u00a0","inLanguage":"en-US"},"inLanguage":"en-US"},{"@type":"Question","@id":"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469427840","position":3,"url":"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469427840","name":"How fast do results come back?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Most verdicts return within minutes.\u00a0ANY.RUN reveals\u00a0the majority of\u00a0malicious behavior in the first 60 seconds, so playbooks\u00a0don\u2019t\u00a0stall waiting for enrichment.\u00a0","inLanguage":"en-US"},"inLanguage":"en-US"},{"@type":"Question","@id":"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469439294","position":4,"url":"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469439294","name":"Is\u00a0the integration\u00a0available for trial users?\u00a0","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Yes. Anyone with ANY.RUN API access,\u00a0including trial users,\u00a0can use the integration.\u00a0","inLanguage":"en-US"},"inLanguage":"en-US"},{"@type":"Question","@id":"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469445908","position":5,"url":"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469445908","name":"Will sandbox detonations slow down my playbooks?\u00a0","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"No. Detonations run in parallel on ANY.RUN\u2019s side, and Tines continues the story when the result is ready. Most verdicts return within minutes.\u00a0","inLanguage":"en-US"},"inLanguage":"en-US"},{"@type":"Question","@id":"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469447664","position":6,"url":"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469447664","name":"Can I use the output to update SIEM or EDR tools?\u00a0","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Yes. You can use Tines to pass ANY.RUN results to your existing systems.","inLanguage":"en-US"},"inLanguage":"en-US"},{"@type":"Question","@id":"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469460095","position":7,"url":"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469460095","name":"Does the integration support high-volume alerting?\u00a0","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Yes.\u00a0It\u2019s\u00a0built to run reliably during spikes, so routine detonations and lookups continue without interruption.\u00a0","inLanguage":"en-US"},"inLanguage":"en-US"},{"@type":"Question","@id":"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469463265","position":8,"url":"https:\/\/any.run\/cybersecurity-blog\/anyrun-tines-integration\/#faq-question-1768469463265","name":"Can I create custom workflows with the integration?\u00a0","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Absolutely. The prebuilt stories are only a starting point;\u00a0you can adapt them to match your escalation rules, correlation logic, or existing playbooks.\u00a0","inLanguage":"en-US"},"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/17759"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=17759"}],"version-history":[{"count":17,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/17759\/revisions"}],"predecessor-version":[{"id":19047,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/17759\/revisions\/19047"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/17762"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=17759"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=17759"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=17759"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}