{"id":20804,"date":"2026-05-12T11:15:30","date_gmt":"2026-05-12T11:15:30","guid":{"rendered":"https:\/\/any.run\/cybersecurity-blog\/?p=20804"},"modified":"2026-05-12T11:16:08","modified_gmt":"2026-05-12T11:16:08","slug":"anyrun-elastic-security","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/anyrun-elastic-security\/","title":{"rendered":"ANY.RUN & Elastic Security: Bring\u00a0Threat\u00a0Intelligence into Detection and Investigation Workflows\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0"},"content":{"rendered":"\n

Security teams don\u2019t lack data. They lack timely, usable intelligence. Analysts spend too much time validating indicators, switching between tools, and figuring out what actually matters. This introduces delays and puts organizations at risk of a missed incident.  <\/p>\n\n\n\n

ANY.RUN<\/a> solves this by bringing real-time, behavior-validated threat intelligence from ANY.RUN integrated into Elastic Security<\/a>, where SOC and MSSP teams detect emerging cyberattacks earlier and respond faster without changing their workflows.  <\/p>\n\n\n\n

ANY.RUN Threat Intelligence Feeds x Elastic Security: About the Integration  <\/h2>\n\n\n\n

Integrate ANY.RUN\u2019s TI Feeds in Elastic Security \u2192<\/a> <\/p>\n\n\n\n

Elastic Security unifies SIEM, endpoint security, and cloud security to help teams protect, investigate, and respond to threats.  <\/p>\n\n\n\n

Through the ANY.RUN Threat Intelligence Feeds integration, organizations can ingest third-party threat indicators into Elastic Security and use them in detection, investigation, and threat intelligence workflows. This helps analysts bring external threat context into the same platform they use for security operations.   <\/p>\n\n\n\n

ANY.RUN\u2019s Threat Intelligence Feeds<\/a> are built from live sandbox investigations<\/a> across more than 15,000 organizations and 600,000 SOC professionals. Indicators reflect infrastructure actively used in phishing, malware delivery, and attacker campaigns, not delayed or aggregated data. Each IOC includes context<\/a> and a direct link to the sandbox report, allowing analysts to quickly understand threat behavior and TTPs.  <\/p>\n\n\n\n

The integration is available as a plug-and-play solution<\/a> that only requires an active TI Feeds license (via trial or a paid subscription).  <\/p>\n\n\n

\n
\"\"
IOC overview of Threat Intelligence Feeds inside Elastic Security<\/em> <\/figcaption><\/figure><\/div>\n\n\n

Once configured, Elastic Security can ingest indicators such as IPs, domains, and URLs from the integration on a scheduled basis. Those indicators can then be used across supported detection, investigation, and visualization workflows.     <\/p>\n\n\n\n

The additional context associated with ingested indicators can help analysts triage and investigate alerts more efficiently.  <\/p>\n\n\n\n\n

\n\n

\nBring fresh, sandbox-backed IOCs into your SOC workflows.<\/span>
\nGive your team the context to investigate\u00a0faster and\u00a0reduce business risk.<\/p>\n\n\nContact us\n<\/a>\n<\/div>\n\n\n\n