{"id":20272,"date":"2026-04-22T13:14:24","date_gmt":"2026-04-22T13:14:24","guid":{"rendered":"https:\/\/any.run\/cybersecurity-blog\/?p=20272"},"modified":"2026-04-22T13:27:48","modified_gmt":"2026-04-22T13:27:48","slug":"expanded-free-ti-plan","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/","title":{"rendered":"More\u00a0Attack\u00a0Context\u00a0for\u00a0Faster\u00a0Triage,\u00a0Response, and Hunting.\u00a0Now\u00a0Available\u00a0to\u00a0Every\u00a0SOC\u00a0"},"content":{"rendered":"\n<p>ANY.RUN has expanded access to Threat Intelligence capabilities for SOC and MSSP teams, backed by live attack data from 15,000 organizations.&nbsp;<\/p>\n\n\n\n<p>Here\u2019s&nbsp;how your team can test&nbsp;TI&#8217;s impact on triage&nbsp;quality, response&nbsp;speed, and threat hunting workflows.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">See&nbsp;How&nbsp;Threat Intelligence&nbsp;Accelerates Your SOC&nbsp;<\/h2>\n\n\n\n<p>ANY.RUN now&nbsp;offers&nbsp;<strong>20&nbsp;premium&nbsp;requests in&nbsp;<\/strong><a href=\"https:\/\/any.run\/threat-intelligence-lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=expanded-free-ti-plan&amp;utm_term=220426&amp;utm_content=linktotilookuplanding\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Threat Intelligence Lookup<\/strong><\/a><strong>&nbsp;and&nbsp;<\/strong><a href=\"https:\/\/intelligence.any.run\/analysis\/yara?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=expanded-free-ti-plan&amp;utm_term=220426&amp;utm_content=linktolookup\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>YARA Search<\/strong><\/a><strong>&nbsp;<\/strong>as part of the&nbsp;<a href=\"https:\/\/any.run\/plans-ti\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=expanded-free-ti-plan&amp;utm_term=220426&amp;utm_content=linktotipricing\" target=\"_blank\" rel=\"noreferrer noopener\">Free plan<\/a>.&nbsp;&nbsp;<\/p>\n\n\n\n<p>You can&nbsp;get&nbsp;<strong>immediate threat context for&nbsp;over 40 types of IOCs, IOBs, and IOAs&nbsp;<\/strong>belonging to the latest malware &amp; phishing&nbsp;attacks. All data is&nbsp;sourced from real&nbsp;<a href=\"https:\/\/any.run\/features\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=expanded-free-ti-plan&amp;utm_term=220426&amp;utm_content=linktosandboxlanding\" target=\"_blank\" rel=\"noreferrer noopener\">sandbox<\/a>&nbsp;investigations by ANY.RUN\u2019s community&nbsp;of 15,000 organizations and 600,000 security&nbsp;analysts&nbsp;and experts.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"540\" src=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_0-1024x540.png\" alt=\"\" class=\"wp-image-20284\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_0-1024x540.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_0-300x158.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_0-768x405.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_0-370x195.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_0-270x142.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_0-740x390.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_0.png 1522w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>AI assistant interprets a lookup request in natural language, helps select sandbox analyses of malware using a TTP<\/em><\/figcaption><\/figure>\n\n\n\n<p>AI-assisted search is available directly in the query flow, allowing analysts to use natural language and move from question to results without manual query building.&nbsp;<\/p>\n\n\n\n<p>With this expanded access, SOC and MSSP teams can explore Threat Intelligence capabilities in their workflows and see how it affects core SOC processes&nbsp;for&nbsp;<strong>faster and&nbsp;more confident&nbsp;operations<\/strong>:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Reduce triage time:<\/strong>&nbsp;Validate&nbsp;alerts against ANY.RUN\u2019s threat database to get immediate verdicts, full context, and access to related samples and activity.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Improve response accuracy:<\/strong>&nbsp;Pivot from a single indicator to connected infrastructure, artifacts, and behavior to understand how the attack unfolds and what else&nbsp;needs&nbsp;containment.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Run more effective threat hunts:<\/strong>&nbsp;Test hypotheses against live attack data, find related samples with YARA Search, and confirm relevance before expanding the hunt.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Build detections based on real attacks:<\/strong>&nbsp;Use discovered patterns and artifacts to create or refine detections aligned with current malware and phishing activity.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>This directly&nbsp;impacts&nbsp;key SOC metrics, including reduced time per investigation, lower escalation rates, and faster Mean Time to Respond.&nbsp;<\/p>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nAccelerate\u00a0security\u00a0workflows for faster triage &#038; response. <br>\n<span class=\"highlight\">Test Threat Intelligence in your SOC or MSSP.<br><\/span><\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/any.run\/plans-ti\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=expanded-free-ti-plan&#038;utm_term=220426&#038;utm_content=linktotipricing#contact-sales\" rel=\"noopener\" target=\"_blank\">\nContact us\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<h3 class=\"wp-block-heading\">AI Search&nbsp;for Streamlined Investigations&nbsp;<\/h3>\n\n\n\n<p>To speed up investigations and simplify how analysts work with Threat Intelligence, TI Lookup now includes AI-assisted search directly in the search bar.&nbsp;&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"595\" src=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_1-1024x595.png\" alt=\"\" class=\"wp-image-20295\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_1-1024x595.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_1-300x174.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_1-768x447.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_1-370x215.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_1-270x157.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_1-740x430.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_1.png 1510w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>AI Search suggesting a lookup parameter<\/em><\/figcaption><\/figure>\n\n\n\n<p>Analysts can use natural language to query data, while the system automatically translates requests into structured queries with the correct parameters and wildcards.&nbsp;<\/p>\n\n\n\n<p>This removes time spent on query construction and reduces friction in the workflow. Analysts move faster from alert to context, run more queries in less time, and get consistent results without&nbsp;additional&nbsp;steps.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Fueling Core SOC Workflows&nbsp;<\/h2>\n\n\n\n<p>Threat intelligence becomes truly valuable when it integrates into everyday operations.&nbsp;Here\u2019s&nbsp;how it reinforces the three pillars of any SOC.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1. Triage: From Guesswork to Confident Decisions&nbsp;<\/h3>\n\n\n\n<p><strong>Alert volume<\/strong>&nbsp;is the defining operational challenge for most SOC teams. The ability to&nbsp;validate&nbsp;an alert quickly and to make a confident decision about whether to close it or escalate directly&nbsp;determines&nbsp;how efficiently a team can&nbsp;operate.&nbsp;<\/p>\n\n\n\n<p>With ANY.RUN&#8217;s threat intelligence, analysts can&nbsp;immediately&nbsp;check an incoming indicator against a broad base of real-world attack data. Known-malicious infrastructure, recognized malware patterns, and previously documented campaigns can be matched in seconds. This means:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Faster<\/strong>, evidence-backed decisions on alert&nbsp;validity;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A&nbsp;<strong>measurable&nbsp;<\/strong>reduction in the percentage of escalations driven by uncertainty rather than confirmed&nbsp;risk;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Lower&nbsp;<\/strong>analyst cognitive load during high-volume periods.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p><a href=\"https:\/\/intelligence.any.run\/analysis\/lookup?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=expanded-free-ti-plan&amp;utm_term=220426&amp;utm_content=linktolookup\/#%7B%2522query%2522:%2522destinationIP:%255C%2522198.37.119.56%255C%2522%2522,%2522dateRange%2522:180%7D\" target=\"_blank\" rel=\"noreferrer noopener\">destinationIP:&#8221;198.37.119.56&#8243;<\/a>&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"598\" src=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_2-1-1024x598.png\" alt=\"\" class=\"wp-image-20296\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_2-1-1024x598.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_2-1-300x175.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_2-1-768x449.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_2-1-370x216.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_2-1-270x158.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_2-1-740x432.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_2-1.png 1510w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Quick verdict on the suspicious IP, campaign relations, infrastructure, and IOCs<\/em><\/figcaption><\/figure>\n\n\n\n<p>Analysts spend less time on inconclusive alerts and more time on confirmed threats. With documented context to support every decision.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2. Response: Seeing the Bigger Picture&nbsp;<\/h3>\n\n\n\n<p>Once an incident is confirmed, speed and precision matter. The quality of the response depends on how well the team understands the threat: its connections, its infrastructure, its behavioral patterns, and its&nbsp;likely next&nbsp;moves.&nbsp;Two clicks in TI Lookup search results&nbsp;cited above&nbsp;take your analyst to&nbsp;<a href=\"https:\/\/app.any.run\/tasks\/403ae91b-2d4b-40a4-8807-e720552d6210\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=expanded-free-ti-plan&amp;utm_term=220426&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">a sandbox session<\/a>&nbsp;of malware detonation and attack chain exposure:&nbsp;&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"578\" src=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_3-1024x578.png\" alt=\"\" class=\"wp-image-20299\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_3-1024x578.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_3-300x169.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_3-768x433.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_3-1536x867.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_3-370x209.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_3-270x152.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_3-740x418.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_3.png 1843w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Move from TI Lookup results to sandbox analyses exposing malware\u2019s behavior<\/em><\/figcaption><\/figure>\n\n\n\n<p>ANY.RUN&#8217;s threat intelligence enables response teams to map the relationships between indicators and the broader campaigns or actor groups behind them. Shared infrastructure, overlapping TTPs, and connected artifacts can be&nbsp;identified&nbsp;quickly, giving responders a structural understanding of what they are dealing with, not just a list of individual indicators.&nbsp;<\/p>\n\n\n\n<p>This translates into:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>More complete&nbsp;<strong>scoping of incidents<\/strong>, with fewer blind&nbsp;spots;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Targeted&nbsp;<strong>containment and remediation<\/strong>&nbsp;actions grounded in&nbsp;evidence;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Higher confidence in&nbsp;<strong>response decisions<\/strong>.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Overreaction and underreaction are reduced at the same time. The response becomes targeted, not reactive.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">3. Threat Hunting: Testing Hypotheses Against Reality&nbsp;<\/h3>\n\n\n\n<p>Proactive threat hunting requires the ability to test hypotheses against real-world data.&nbsp;Analysts need to move from a suspicion about adversary behavior to a confirmed or refuted finding with enough evidence to act.&nbsp;<\/p>\n\n\n\n<p>ANY.RUN&#8217;s threat intelligence gives hunters access to a rich, searchable base of behavioral data from real-world malware analysis. Campaign linkages, attacker infrastructure patterns, and behavioral signatures can all be researched in depth.&nbsp;&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"564\" src=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_4-1024x564.png\" alt=\"\" class=\"wp-image-20301\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_4-1024x564.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_4-300x165.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_4-768x423.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_4-370x204.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_4-270x149.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_4-740x408.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_4.png 1522w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>YARA Search accumulating artifacts and sandbox analyses<\/em><\/figcaption><\/figure>\n\n\n\n<p><a href=\"https:\/\/intelligence.any.run\/analysis\/yara?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=expanded-free-ti-plan&amp;utm_term=220426&amp;utm_content=linktolookup\" target=\"_blank\" rel=\"noreferrer noopener\">YARA Rules Search<\/a>&nbsp;adds a further dimension, allowing hunters to build and&nbsp;validate&nbsp;detection logic against current threat data.&nbsp;<\/p>\n\n\n\n<p>The result is a hunting capability that is grounded in current, real-world evidence rather than theoretical models.&nbsp;It&nbsp;enables teams to find genuine threats and build detection coverage that reflects how adversaries&nbsp;actually behave. Hunting shifts from speculative to&nbsp;evidence-driven.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How Threat Intelligence Impacts Your&nbsp;Business Outcomes&nbsp;&nbsp;<\/h2>\n\n\n\n<p>Behind every alert, investigation, and response action, there is a business impact quietly accumulating.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">For Security Operations Teams (SOCs &amp; MSSPs):<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Alert validation accelerates<\/strong>, reducing the time from detection to decision.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Fewer escalations are driven by uncertainty<\/strong>; each escalation carries stronger evidentiary weight.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Investigation time decreases<\/strong>&nbsp;as analysts access contextualized data without pivoting between tools.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Analyst confidence improves<\/strong>, reducing the hesitation that slows response in high-pressure situations&nbsp;<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">For the Organization:<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Incident costs fall&nbsp;<\/strong>when threats are understood accurately and&nbsp;responded to&nbsp;precisely.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Faster response timelines<\/strong>&nbsp;limit attacker dwell time and reduce the scope of potential damage.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>The risk of missing significant threats decreases<\/strong>&nbsp;as detection and investigation are backed by broad, current intelligence.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Security investments deliver more measurable returns<\/strong>&nbsp;when team capacity is focused on real, confirmed risk.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Scale SOC Performance with Full Access to Threat Intelligence from ANY.RUN&nbsp;<\/h2>\n\n\n\n<p>The&nbsp;Free plan is a genuine starting point: a full-capability evaluation that lets teams verify the value of ANY.RUN&#8217;s intelligence on real workflows. For organizations ready to operationalize threat intelligence at scale, ANY.RUN&nbsp;<a href=\"https:\/\/any.run\/plans-ti\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=expanded-free-ti-plan&amp;utm_term=220426&amp;utm_content=linktotipricing\" target=\"_blank\" rel=\"noreferrer noopener\">offers paid plans<\/a>&nbsp;designed for different operational needs.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"435\" src=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_5-1024x435.png\" alt=\"\" class=\"wp-image-20302\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_5-1024x435.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_5-300x127.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_5-768x326.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_5-370x157.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_5-270x115.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_5-740x314.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_5.png 1448w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>ANY.RUN\u2019s TI plans &amp; pricing<\/em><\/figcaption><\/figure>\n\n\n\n<p>These include Live, Core, and Complete plans, allowing teams to choose the level of access and integration that fits their workflows and scale.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Across these plans, organizations can&nbsp;leverage&nbsp;the full set of threat intelligence capabilities, including:&nbsp;&nbsp;<\/p>\n\n\n\n<p><strong>1.&nbsp;Threat Intelligence Feeds<\/strong>&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/threat-intelligence-feeds\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=expanded-free-ti-plan&amp;utm_term=220426&amp;utm_content=linktotifeedslanding\" target=\"_blank\" rel=\"noreferrer noopener\">Continuous streams of validated indicators<\/a>&nbsp;enriched&nbsp;with behavioral context from the sandbox analyses, delivered directly into SIEM, EDR, IDS\/IPS, and SOAR systems. This enables automated enrichment and faster&nbsp;detection&nbsp;pipelines.&nbsp;<\/p>\n\n\n\n<p><strong>2. Threat Intelligence Reports: full access<\/strong>&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/intelligence.any.run\/reports\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=expanded-free-ti-plan&amp;utm_term=220426&amp;utm_content=linktotireports\" target=\"_blank\" rel=\"noreferrer noopener\">Structured analyses of active campaigns<\/a>, malware families, and attacker techniques. These reports&nbsp;provide&nbsp;ready-to-use insights for both operational response and strategic planning.&nbsp;&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"487\" src=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_6-1024x487.png\" alt=\"\" class=\"wp-image-20303\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_6-1024x487.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_6-300x143.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_6-768x366.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_6-1536x731.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_6-370x176.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_6-270x129.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_6-740x352.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_6.png 1817w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>TI Reports: most pressing threats, most dangerous APTs<\/em><\/figcaption><\/figure>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nClose blind spots and reduce exposure to critical incidents. <br>\nIntegrate <span class=\"highlight\">ANY.RUN&#8217;s Threat Intelligence<\/span> in your SOC.\n&nbsp;   \n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/any.run\/plans-ti\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=expanded-free-ti-plan&#038;utm_term=220426&#038;utm_content=linktotipricing#contact-sales\" rel=\"noopener\" target=\"_blank\">\nContact us\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<p>What makes them particularly useful in operations:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Clear breakdowns of campaigns, including&nbsp;<strong>tactics, techniques, and&nbsp;procedures<\/strong>;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Context around how attacks&nbsp;<strong>unfold in real&nbsp;environments<\/strong>;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Indicators and infrastructure tied together into&nbsp;<strong>meaningful&nbsp;clusters<\/strong>;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ready-to-use insights that&nbsp;support both&nbsp;<strong>immediate response and long-term defense<\/strong>.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Reports act as a bridge between raw telemetry and strategic understanding. They help teams not only react&nbsp;faster, but&nbsp;also recognize patterns before they escalate into incidents.&nbsp;<\/p>\n\n\n\n<p><strong>3. Threat Landscape<\/strong>&nbsp;<\/p>\n\n\n\n<p>A contextual layer that maps threats to industries and geographies, helping organizations understand where specific risks are most relevant to their business.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/intelligence.any.run\/analysis\/lookup#%7B%2522query%2522:%2522threatName:%255C%2522salty2fa%255C%2522%2522,%2522dateRange%2522:60%7D\" target=\"_blank\" rel=\"noreferrer noopener\">threatName:&#8221;vidar&#8221;<\/a>&nbsp;<\/p>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"392\" src=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_7-1024x392.png\" alt=\"\" class=\"wp-image-20310\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_7-1024x392.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_7-300x115.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_7-768x294.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_7-370x142.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_7-270x103.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_7-740x283.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/bigti_7.png 1518w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Lookup shows: Vidar trojan now targeting education, government, IT, and telecom in Europe and Americas<\/em>&nbsp;<\/figcaption><\/figure>\n\n\n\n<p><strong>Together, these capabilities support key business&nbsp;objectives:<\/strong>&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Reducing mean time to detect and respond (MTTD\/MTTR);&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Lowering operational costs of incident&nbsp;handling;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Improving analyst efficiency and capacity&nbsp;utilization;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Strengthening risk management and compliance posture.&nbsp;<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"836\" src=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/ANY.RUN-Threat-Intelligence_article-1024x836.png\" alt=\"\" class=\"wp-image-20328\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/ANY.RUN-Threat-Intelligence_article-1024x836.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/ANY.RUN-Threat-Intelligence_article-300x245.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/ANY.RUN-Threat-Intelligence_article-768x627.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/ANY.RUN-Threat-Intelligence_article-1536x1254.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/ANY.RUN-Threat-Intelligence_article-2048x1673.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/ANY.RUN-Threat-Intelligence_article-370x302.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/ANY.RUN-Threat-Intelligence_article-270x221.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/04\/ANY.RUN-Threat-Intelligence_article-740x604.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>ANY.RUN TI plans<\/em><\/figcaption><\/figure>\n\n\n\n<p>The result is a measurable improvement in how security operations contribute to overall business resilience.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Final Thoughts<\/h2>\n\n\n\n<p>The gap between threat detection and effective response is not primarily a technology problem.&nbsp;It&nbsp;is a data problem.&nbsp;When analysts have access to rich, current, contextual intelligence at the moment they need it, decisions improve and outcomes follow.&nbsp;<\/p>\n\n\n\n<p>ANY.RUN&#8217;s unified threat intelligence \u2014 TI Lookup, TI Feeds, TI Reports, and YARA Search, all powered by real sandbox data from 15,000 organizations \u2014 gives SOC and MSSP teams that foundation. The free plan removes the evaluation barrier: any team can run it through real workflows, on real alerts, before&nbsp;committing to&nbsp;anything.&nbsp;<\/p>\n\n\n\n<p>For teams that operationalize it, the cumulative effect is a SOC that is measurably faster, more&nbsp;accurate, and more confident \u2014 and an organization that is measurably harder to compromise and cheaper to defend.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&nbsp;&nbsp;&nbsp;<\/h2>\n\n\n\n<p><a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=expanded-free-ti-plan&amp;utm_term=220426&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a>, a leading provider of interactive malware analysis and threat intelligence solutions, helps security teams investigate threats faster and with greater clarity across modern enterprise environments.&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p>It allows teams to safely execute suspicious files and URLs,&nbsp;observe&nbsp;real behavior in an&nbsp;<a href=\"https:\/\/any.run\/features\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=expanded-free-ti-plan&amp;utm_term=220426&amp;utm_content=linktosandboxlanding\" target=\"_blank\" rel=\"noreferrer noopener\">Interactive Sandbox<\/a>, enrich&nbsp;indicators&nbsp;with immediate context through&nbsp;<a href=\"https:\/\/any.run\/threat-intelligence-lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=expanded-free-ti-plan&amp;utm_term=220426&amp;utm_content=linktotilookuplanding\" target=\"_blank\" rel=\"noreferrer noopener\">TI Lookup<\/a>, and&nbsp;monitor&nbsp;emerging malicious infrastructure using&nbsp;<a href=\"https:\/\/any.run\/threat-intelligence-feeds\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=evasive-blob-phishing-detection&amp;utm_term=160426&amp;utm_content=linktotifeedslanding\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Feeds<\/a>. Together, these capabilities help reduce investigation uncertainty, accelerate triage, and limit unnecessary escalations across the&nbsp;SOC.&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p>ANY.RUN is trusted by thousands of organizations worldwide and meets enterprise security and compliance expectations. It is&nbsp;<a href=\"https:\/\/any.run\/compliance\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=expanded-free-ti-plan&amp;utm_term=220426&amp;utm_content=linktocompliance\" target=\"_blank\" rel=\"noreferrer noopener\">SOC 2 Type II certified<\/a>,&nbsp;demonstrating&nbsp;its commitment to protecting customer data and&nbsp;maintaining&nbsp;strong security controls.&nbsp;<\/p>\n\n\n\n<div class=\"schema-faq wp-block-yoast-faq-block\"><div class=\"schema-faq-section\" id=\"faq-question-1776863123924\"><strong class=\"schema-faq-question\">What is included in the expanded entry-level plan?<\/strong> <p class=\"schema-faq-answer\">It includes 20 investigations in Threat Intelligence Lookup with AI-assisted search, access to YARA search, and the free Threat Intelligence Reports to evaluate real workflows.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1776863205282\"><strong class=\"schema-faq-question\">How is this different from a typical trial?<\/strong> <p class=\"schema-faq-answer\">It is not a limited demo. It allows teams to test threat intelligence directly within their SOC processes, using real alerts and investigations.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1776863216189\"><strong class=\"schema-faq-question\">What data powers ANY.RUN\u2019s threat intelligence?<\/strong> <p class=\"schema-faq-answer\">It is generated from real-world malware analyses in the ANY.RUN Interactive Sandbox, enriched with behavioral data, infrastructure links, and campaign context.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1776863225833\"><strong class=\"schema-faq-question\">How does AI search help analysts?<\/strong> <p class=\"schema-faq-answer\">It simplifies query building by translating intent into structured search parameters, reducing time spent on syntax and accelerating investigations.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1776863232650\"><strong class=\"schema-faq-question\">Can this be integrated into existing security infrastructure?<\/strong> <p class=\"schema-faq-answer\">Yes, paid plans support integration with SIEM, SOAR, and other security systems, enabling automated workflows and enrichment.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1776863250785\"><strong class=\"schema-faq-question\">Who is this most relevant for?<\/strong> <p class=\"schema-faq-answer\">SOC teams, MSSPs, and security leaders who want to improve decision speed, reduce uncertainty, and lower incident response costs.<\/p> <\/div> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>ANY.RUN has expanded access to Threat Intelligence capabilities for SOC and MSSP teams, backed by live attack data from 15,000 organizations.&nbsp; Here\u2019s&nbsp;how your team can test&nbsp;TI&#8217;s impact on triage&nbsp;quality, response&nbsp;speed, and threat hunting workflows.&nbsp; See&nbsp;How&nbsp;Threat Intelligence&nbsp;Accelerates Your SOC&nbsp; ANY.RUN now&nbsp;offers&nbsp;20&nbsp;premium&nbsp;requests in&nbsp;Threat Intelligence Lookup&nbsp;and&nbsp;YARA Search&nbsp;as part of the&nbsp;Free plan.&nbsp;&nbsp; You can&nbsp;get&nbsp;immediate threat context for&nbsp;over 40 types [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":20279,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[93,57,40,78,92],"class_list":["post-20272","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-lifehacks","tag-ai","tag-anyrun","tag-malware-behavior","tag-threat-intelligence","tag-yara-search"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>ANY.RUN Expands Free Plan for Threat Intelligence<\/title>\n<meta name=\"description\" content=\"Test threat intelligence in real SOC workflows with ANY.RUN\u2019s improved free plan. Faster triage, response, and hunting.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/\"},\"author\":{\"name\":\"ANY.RUN\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"More\u00a0Attack\u00a0Context\u00a0for\u00a0Faster\u00a0Triage,\u00a0Response, and Hunting.\u00a0Now\u00a0Available\u00a0to\u00a0Every\u00a0SOC\u00a0\",\"datePublished\":\"2026-04-22T13:14:24+00:00\",\"dateModified\":\"2026-04-22T13:27:48+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/\"},\"wordCount\":2017,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"AI\",\"ANYRUN\",\"malware behavior\",\"threat intelligence\",\"yara search\"],\"articleSection\":[\"Cybersecurity Lifehacks\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#respond\"]}]},{\"@type\":[\"WebPage\",\"FAQPage\"],\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/\",\"name\":\"ANY.RUN Expands Free Plan for Threat Intelligence\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2026-04-22T13:14:24+00:00\",\"dateModified\":\"2026-04-22T13:27:48+00:00\",\"description\":\"Test threat intelligence in real SOC workflows with ANY.RUN\u2019s improved free plan. Faster triage, response, and hunting.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#breadcrumb\"},\"mainEntity\":[{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#faq-question-1776863123924\"},{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#faq-question-1776863205282\"},{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#faq-question-1776863216189\"},{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#faq-question-1776863225833\"},{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#faq-question-1776863232650\"},{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#faq-question-1776863250785\"}],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybersecurity Lifehacks\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/lifehacks\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"More\u00a0Attack\u00a0Context\u00a0for\u00a0Faster\u00a0Triage,\u00a0Response, and Hunting.\u00a0Now\u00a0Available\u00a0to\u00a0Every\u00a0SOC\u00a0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"caption\":\"ANY.RUN\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#faq-question-1776863123924\",\"position\":1,\"url\":\"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#faq-question-1776863123924\",\"name\":\"What is included in the expanded entry-level plan?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"It includes 20 investigations in Threat Intelligence Lookup with AI-assisted search, access to YARA search, and the free Threat Intelligence Reports to evaluate real workflows.\",\"inLanguage\":\"en-US\"},\"inLanguage\":\"en-US\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#faq-question-1776863205282\",\"position\":2,\"url\":\"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#faq-question-1776863205282\",\"name\":\"How is this different from a typical trial?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"It is not a limited demo. It allows teams to test threat intelligence directly within their SOC processes, using real alerts and investigations.\",\"inLanguage\":\"en-US\"},\"inLanguage\":\"en-US\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#faq-question-1776863216189\",\"position\":3,\"url\":\"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#faq-question-1776863216189\",\"name\":\"What data powers ANY.RUN\u2019s threat intelligence?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"It is generated from real-world malware analyses in the ANY.RUN Interactive Sandbox, enriched with behavioral data, infrastructure links, and campaign context.\",\"inLanguage\":\"en-US\"},\"inLanguage\":\"en-US\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#faq-question-1776863225833\",\"position\":4,\"url\":\"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#faq-question-1776863225833\",\"name\":\"How does AI search help analysts?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"It simplifies query building by translating intent into structured search parameters, reducing time spent on syntax and accelerating investigations.\",\"inLanguage\":\"en-US\"},\"inLanguage\":\"en-US\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#faq-question-1776863232650\",\"position\":5,\"url\":\"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#faq-question-1776863232650\",\"name\":\"Can this be integrated into existing security infrastructure?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Yes, paid plans support integration with SIEM, SOAR, and other security systems, enabling automated workflows and enrichment.\",\"inLanguage\":\"en-US\"},\"inLanguage\":\"en-US\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#faq-question-1776863250785\",\"position\":6,\"url\":\"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#faq-question-1776863250785\",\"name\":\"Who is this most relevant for?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"SOC teams, MSSPs, and security leaders who want to improve decision speed, reduce uncertainty, and lower incident response costs.\",\"inLanguage\":\"en-US\"},\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"ANY.RUN Expands Free Plan for Threat Intelligence","description":"Test threat intelligence in real SOC workflows with ANY.RUN\u2019s improved free plan. Faster triage, response, and hunting.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/","twitter_misc":{"Written by":"ANY.RUN","Est. reading time":"10 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"More\u00a0Attack\u00a0Context\u00a0for\u00a0Faster\u00a0Triage,\u00a0Response, and Hunting.\u00a0Now\u00a0Available\u00a0to\u00a0Every\u00a0SOC\u00a0","datePublished":"2026-04-22T13:14:24+00:00","dateModified":"2026-04-22T13:27:48+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/"},"wordCount":2017,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["AI","ANYRUN","malware behavior","threat intelligence","yara search"],"articleSection":["Cybersecurity Lifehacks"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#respond"]}]},{"@type":["WebPage","FAQPage"],"@id":"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/","url":"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/","name":"ANY.RUN Expands Free Plan for Threat Intelligence","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2026-04-22T13:14:24+00:00","dateModified":"2026-04-22T13:27:48+00:00","description":"Test threat intelligence in real SOC workflows with ANY.RUN\u2019s improved free plan. Faster triage, response, and hunting.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#breadcrumb"},"mainEntity":[{"@id":"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#faq-question-1776863123924"},{"@id":"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#faq-question-1776863205282"},{"@id":"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#faq-question-1776863216189"},{"@id":"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#faq-question-1776863225833"},{"@id":"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#faq-question-1776863232650"},{"@id":"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#faq-question-1776863250785"}],"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity Lifehacks","item":"https:\/\/any.run\/cybersecurity-blog\/category\/lifehacks\/"},{"@type":"ListItem","position":3,"name":"More\u00a0Attack\u00a0Context\u00a0for\u00a0Faster\u00a0Triage,\u00a0Response, and Hunting.\u00a0Now\u00a0Available\u00a0to\u00a0Every\u00a0SOC\u00a0"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"},{"@type":"Question","@id":"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#faq-question-1776863123924","position":1,"url":"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#faq-question-1776863123924","name":"What is included in the expanded entry-level plan?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"It includes 20 investigations in Threat Intelligence Lookup with AI-assisted search, access to YARA search, and the free Threat Intelligence Reports to evaluate real workflows.","inLanguage":"en-US"},"inLanguage":"en-US"},{"@type":"Question","@id":"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#faq-question-1776863205282","position":2,"url":"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#faq-question-1776863205282","name":"How is this different from a typical trial?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"It is not a limited demo. It allows teams to test threat intelligence directly within their SOC processes, using real alerts and investigations.","inLanguage":"en-US"},"inLanguage":"en-US"},{"@type":"Question","@id":"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#faq-question-1776863216189","position":3,"url":"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#faq-question-1776863216189","name":"What data powers ANY.RUN\u2019s threat intelligence?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"It is generated from real-world malware analyses in the ANY.RUN Interactive Sandbox, enriched with behavioral data, infrastructure links, and campaign context.","inLanguage":"en-US"},"inLanguage":"en-US"},{"@type":"Question","@id":"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#faq-question-1776863225833","position":4,"url":"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#faq-question-1776863225833","name":"How does AI search help analysts?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"It simplifies query building by translating intent into structured search parameters, reducing time spent on syntax and accelerating investigations.","inLanguage":"en-US"},"inLanguage":"en-US"},{"@type":"Question","@id":"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#faq-question-1776863232650","position":5,"url":"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#faq-question-1776863232650","name":"Can this be integrated into existing security infrastructure?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Yes, paid plans support integration with SIEM, SOAR, and other security systems, enabling automated workflows and enrichment.","inLanguage":"en-US"},"inLanguage":"en-US"},{"@type":"Question","@id":"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#faq-question-1776863250785","position":6,"url":"https:\/\/any.run\/cybersecurity-blog\/expanded-free-ti-plan\/#faq-question-1776863250785","name":"Who is this most relevant for?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"SOC teams, MSSPs, and security leaders who want to improve decision speed, reduce uncertainty, and lower incident response costs.","inLanguage":"en-US"},"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/20272"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=20272"}],"version-history":[{"count":39,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/20272\/revisions"}],"predecessor-version":[{"id":20337,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/20272\/revisions\/20337"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/20279"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=20272"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=20272"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=20272"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}