{"id":21801,"date":"2026-06-25T11:56:11","date_gmt":"2026-06-25T11:56:11","guid":{"rendered":"https:\/\/any.run\/cybersecurity-blog\/?p=21801"},"modified":"2026-06-25T13:30:11","modified_gmt":"2026-06-25T13:30:11","slug":"torq-integration","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/torq-integration\/","title":{"rendered":"ANY.RUN &amp; Torq\u00a0Integration: Scale Triage &amp; Respond with Confidence"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\"><strong>Lack of alert context<\/strong>\u00a0makes it difficult for Security Operations Centers (SOC) to distinguish actual threats from false positives.\u00a0<a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=torq-integration&amp;utm_term=250626&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>ANY.RUN<\/strong><\/a>\u2019s integration with the\u00a0<a href=\"https:\/\/torq.io\/ai-soc-platform\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Torq\u00a0AI SOC Platform<\/strong><\/a> bridges this gap by delivering conclusive malware &amp; phishing verdicts and actionable intelligence.\u00a0\u00a0<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>The result for your team is faster incident resolution<\/strong>, reduced alert fatigue, and proactive threat detection.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">ANY.RUN &amp; Torq Integration&nbsp;<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Unlike legacy SOAR approaches that often require custom code and months of implementation, <strong>Torq<\/strong> allows\u00a0<a href=\"https:\/\/any.run\/enterprise\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=torq-integration&amp;utm_term=250626&amp;utm_content=linktoenterprise\" target=\"_blank\" rel=\"noreferrer noopener\">SOC<\/a>\u00a0and\u00a0<a 
href=\"https:\/\/any.run\/mssp\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=torq-integration&amp;utm_term=250626&amp;utm_content=linktomssp\" target=\"_blank\" rel=\"noreferrer noopener\">MSSP teams<\/a>\u00a0to build response logic visually. The ANY.RUN integration adds a critical layer of malware analysis, phishing detection, and IOC enrichment to these workflows.\u00a0<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>ANY.RUN<\/strong>\u00a0users have access to\u00a0<strong>five ready-to-use\u00a0<\/strong><a href=\"https:\/\/torq.io\/hyperagents\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Torq HyperAgents\u2122<\/strong><\/a>\u00a0designed to accelerate time-to-verdict:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/kb.torq.io\/en\/articles\/15027756-workflow-template-enrich-case-with-threat-intelligence-data-any-run-ti-lookup\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Threat Intelligence Enrichment with TI Lookup<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/kb.torq.io\/en\/?q=any.run\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>File &amp; URL Analysis with Interactive&nbsp;Sandbox<\/strong><\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Results, including reputation data, threat names, tags, and structured JSON responses, are delivered directly into\u00a0<a href=\"https:\/\/torq.io\/case-management\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Torq Case\u00a0Management.<\/strong><\/a>\u00a0Teams can edit the current templates to fit their specific processes, adding actions, changing conditions, or using ANY.RUN as one specific step in a complex, multi-tool automation.\u00a0<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Available on&nbsp;<a href=\"https:\/\/any.run\/plans-ti\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=torq-integration&amp;utm_term=250626&amp;utm_content=linktotipricing\" 
target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN Threat&nbsp;Intelligence<\/a>&nbsp;and&nbsp;<a href=\"https:\/\/any.run\/plans\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=torq-integration&amp;utm_term=250626&amp;utm_content=linktosbpricing\" target=\"_blank\" rel=\"noreferrer noopener\">Interactive&nbsp;Sandbox&nbsp;plans<\/a>&nbsp;<strong>with API access<\/strong>, the integration helps analysts streamline their workflows, gaining full alert or threat context quickly with an average reduction in MTTR of 21 minutes.&nbsp;&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Interactive&nbsp;Sandbox&nbsp;Templates in Torq&nbsp;<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The&nbsp;<a href=\"https:\/\/any.run\/features\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=torq-integration&amp;utm_term=250626&amp;utm_content=linktosblanding\" target=\"_blank\" rel=\"noreferrer noopener\">Interactive&nbsp;Sandbox<\/a>&nbsp;workflows allow analysts to detonate suspicious objects in real-time environments (<a href=\"https:\/\/any.run\/cybersecurity-blog\/windows-11-malware-sandbox\/\" target=\"_blank\" rel=\"noreferrer noopener\">Windows<\/a>,&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/linux-malware-analysis-sandbox\/\" target=\"_blank\" rel=\"noreferrer noopener\">Linux<\/a>,&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/anyrun-macos-sandbox\/\" target=\"_blank\" rel=\"noreferrer noopener\">macOS<\/a>&nbsp;or&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/android-malware-analysis\/\" target=\"_blank\" rel=\"noreferrer noopener\">Android<\/a>) to uncover evasive behaviors. There are&nbsp;<strong>two types of templates<\/strong>&nbsp;available for&nbsp;sandbox&nbsp;analysis:&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1. 
Case-Based Workflows&nbsp;<\/h3>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"427\" src=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/image7-2-1024x427.png\" alt=\"\" class=\"wp-image-21810\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/image7-2-1024x427.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/image7-2-300x125.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/image7-2-768x320.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/image7-2-370x154.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/image7-2-270x112.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/image7-2-740x308.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/image7-2.png 1318w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">ANY.RUN&#8217;s Sandbox provides fast case enrichment in Torq <\/figcaption><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">These are triggered directly from a&nbsp;<strong>Torq Case<\/strong>, where observables and attachments are automatically ingested from sources like EDR, SIEM, XDR, or email security tools.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Process:<\/strong>&nbsp;The analyst opens a case and launches the workflow. The system automatically retrieves observables or attachments, filtering for supported objects such as&nbsp;<strong>URLs or files<\/strong>. Analysts can then select specific objects for detonation.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Result:<\/strong>&nbsp;Analysis data is added to the case notes in real-time. 
This includes a brief context, reputation,&nbsp;threat&nbsp;names or tags, and a structured JSON response. Additionally, a direct link is provided, allowing the analyst to jump into the ANY.RUN session to continue a manual, interactive analysis.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">The list of case-based templates:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/kb.torq.io\/en\/articles\/15027776-workflow-template-enrich-case-with-url-analysis-in-any-run-sandbox\" target=\"_blank\" rel=\"noreferrer noopener\">Enrich Case with URL Analysis in ANY.RUN&nbsp;Sandbox<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/kb.torq.io\/en\/articles\/15027772-workflow-template-enrich-case-with-file-analysis-in-any-run-sandbox\" target=\"_blank\" rel=\"noreferrer noopener\">Enrich Case with File Analysis in ANY.RUN&nbsp;Sandbox<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">2.&nbsp;Sandbox&nbsp;Analysis Workflows&nbsp;<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">These templates are designed to be embedded as a specific step within a larger, custom&nbsp;<strong>incident response flow<\/strong>.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Process:<\/strong>&nbsp;Unlike case-based templates, these function independently of a specific case. They accept a&nbsp;<strong>URL or File<\/strong>&nbsp;as an input parameter and&nbsp;initiate&nbsp;the ANY.RUN&nbsp;Sandbox&nbsp;analysis.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Result:<\/strong>&nbsp;The workflow waits for the analysis to complete and returns a structured JSON object&nbsp;containing&nbsp;the final verdict,&nbsp;analysis&nbsp;metadata, a list of IOCs, and a link to the full report. 
This data can then be passed further down the custom automation chain.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">The list of&nbsp;sandbox&nbsp;analysis templates:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/kb.torq.io\/en\/articles\/15027767-workflow-template-analyze-urls-with-any-run-sandbox\" target=\"_blank\" rel=\"noreferrer noopener\">Analyze URLs with ANY.RUN&nbsp;Sandbox<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/kb.torq.io\/en\/articles\/15027760-workflow-template-analyze-files-with-any-run-sandbox\" target=\"_blank\" rel=\"noreferrer noopener\">Analyze Files with ANY.RUN&nbsp;Sandbox<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Threat Intelligence Lookup Templates in Torq&nbsp;<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"636\" src=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/image11-1-1024x636.png\" alt=\"\" class=\"wp-image-21812\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/image11-1-1024x636.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/image11-1-300x186.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/image11-1-768x477.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/image11-1-1536x953.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/image11-1-370x230.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/image11-1-270x168.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/image11-1-740x459.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2026\/06\/image11-1.png 1661w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">TI Lookup adds context 
to isolated indicators, giving SOC teams the clarity for correct decisions<\/figcaption><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">The&nbsp;<a href=\"https:\/\/any.run\/threat-intelligence-lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=torq-integration&amp;utm_term=250626&amp;utm_content=linktolookuplanding\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Threat Intelligence (TI) Lookup<\/strong><\/a>&nbsp;integration focuses on rapid enrichment of &#8220;raw&#8221; observables found in alerts, such as IPs, domains, hashes, and URLs.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Automation at Scale:<\/strong>&nbsp;When a case&nbsp;contains&nbsp;suspicious indicators, the TI Lookup workflow queries ANY.RUN\u2019s vast database of threat data\u2014continuously updated from millions of&nbsp;sandbox&nbsp;sessions.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Instant Context:<\/strong>&nbsp;The workflow returns high-fidelity data including the&nbsp;<strong>reputation<\/strong>&nbsp;of the indicator,&nbsp;<strong>threat names<\/strong>, and specific&nbsp;<strong>tags<\/strong>. 
This allows analysts to&nbsp;immediately&nbsp;understand the nature of a threat and decide whether to block the indicator or escalate the incident.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Enrichment Integration:<\/strong>&nbsp;Much like the&nbsp;sandbox&nbsp;workflows, TI Lookup results are delivered directly into the Torq interface as JSON data or case notes, ensuring that the analyst never has to leave their primary workspace to gather intelligence.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Explore&nbsp;<a href=\"https:\/\/kb.torq.io\/en\/articles\/15027756-workflow-template-enrich-case-with-threat-intelligence-data-any-run-ti-lookup\" target=\"_blank\" rel=\"noreferrer noopener\">the TI Lookup template<\/a>.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How to Integrate ANY.RUN in Torq&nbsp;<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Setting up the integration is straightforward and requires no custom coding:&nbsp;<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li>Navigate to&nbsp;<strong>Integrations<\/strong>&nbsp;within Torq and&nbsp;locate&nbsp;<strong>ANY.RUN<\/strong>.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li>Click&nbsp;<strong>Add<\/strong>, create a new instance, and enter your&nbsp;<strong>API key<\/strong>.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li>Go to the&nbsp;<strong>Templates<\/strong>&nbsp;tab and search for ANY.RUN templates.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol start=\"4\" class=\"wp-block-list\">\n<li>Select your previously configured ANY.RUN integration to begin using the workflows.&nbsp;<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">By default, these playbooks are configured to be&nbsp;<strong>launched manually<\/strong>. 
This is a deliberate design choice to ensure that only&nbsp;appropriate objects&nbsp;are sent for analysis.&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">However, for high-volume environments, these templates can be easily integrated into broader,&nbsp;<strong>fully automated playbooks<\/strong>.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Key SOC &amp; MSSP Benefits of Integrating ANY.RUN in Torq&nbsp;<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Combining ANY.RUN\u2019s deep behavioral visibility with Torq\u2019s hyper-automated orchestration levels up the efficiency of modern security operations, moving beyond simple automation toward maximizing security ROI.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Faster incident resolution (MTTR)<\/strong>: Automating&nbsp;sandbox&nbsp;analysis and threat intelligence correlation allows you to&nbsp;<strong>cut incident resolution time by tens of percent<\/strong>.&nbsp;Analysts get clear verdicts in seconds, enabling them to block threats before they spread.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Operational Scaling:<\/strong> Teams can handle a growing volume of alerts with <strong>Torq HyperAgents\u2122 handling routine Tier 1 tasks<\/strong>, allowing analysts to focus on complex threats without increasing headcount.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Zero development overhead<\/strong>: Unlike custom integrations that require months of engineering, this no-code setup is ready in minutes. You get a functional automation foundation without the cost of writing or&nbsp;maintaining&nbsp;scripts.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Standardized investigation logic<\/strong>: Every alert is checked using the same high-fidelity criteria. 
This ensures consistent results and reduces the risk of human error, regardless of an analyst&#8217;s experience level.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Higher ROI on existing tools<\/strong>: ANY.RUN works as an enrichment layer inside Torq, making your SIEM, EDR, and other security investments more effective by providing them with immediate, actionable context.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Reduced analyst burnout<\/strong>: By&nbsp;eliminating&nbsp;manual data entry and constant switching between tools, you allow your team to focus on meaningful security work, which improves overall SOC productivity.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&nbsp;<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Trusted by over 600,000 cybersecurity professionals and 15,000+ organizations worldwide,&nbsp;<a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=torq-integration&amp;utm_term=250626&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a>&nbsp;helps security teams investigate threats faster and with greater accuracy.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Our&nbsp;<a href=\"https:\/\/any.run\/features\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=torq-integration&amp;utm_term=250626&amp;utm_content=linktosblanding\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Interactive&nbsp;Sandbox<\/strong><\/a>&nbsp;accelerates incident response by allowing you to analyze suspicious files in real time, while our&nbsp;<strong>Threat Intelligence solutions&nbsp;(<\/strong><a href=\"https:\/\/any.run\/threat-intelligence-lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=torq-integration&amp;utm_term=250626&amp;utm_content=linktolookuplanding\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>TI Lookup<\/strong><\/a><strong>&nbsp;and&nbsp;<\/strong><a href=\"https:\/\/any.run\/threat-intelligence-feeds\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=torq-integration&amp;utm_term=250626&amp;utm_content=linktofeedslanding\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>TI Feeds<\/strong><\/a><strong>)&nbsp;<\/strong>provide the necessary context to&nbsp;anticipate&nbsp;and stop today\u2019s most advanced attacks.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The integration of&nbsp;<strong>ANY.RUN with Torq<\/strong>&nbsp;adds a specialized layer of 
malware analysis, phishing detection, and IOC enrichment to your security operations. By&nbsp;utilizing&nbsp;these automated workflows, SOC teams can seamlessly embed ANY.RUN\u2019s deep visibility into their existing triage and incident response flows.&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Lack of alert context\u00a0makes it difficult for Security Operations Centers (SOC) to distinguish actual threats from false positives.\u00a0ANY.RUN\u2019s integration with the\u00a0Torq\u00a0AI SOC Platform bridges this gap by delivering conclusive malware &amp; phishing verdicts and actionable intelligence.\u00a0\u00a0 The result for your team is faster incident resolution, reduced alert fatigue, and proactive threat detection.&nbsp; ANY.RUN &amp; Torq [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":21804,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[81],"tags":[57,10,55,56],"class_list":["post-21801","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-integrations-connectors","tag-anyrun","tag-cybersecurity","tag-release","tag-update"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>ANY.RUN &amp; Torq: Scale Triage &amp; Respond with Confidence<\/title>\n<meta name=\"description\" content=\"Bridge the gap between alerts and confident response in your SOC by integrating ANY.RUN&#039;s sandbox and threat intelligence in Torq.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/torq-integration\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" 
content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/torq-integration\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/torq-integration\\\/\"},\"author\":{\"name\":\"ANY.RUN\",\"@id\":\"https:\\\/\\\/any.run\\\/\"},\"headline\":\"ANY.RUN &amp; Torq\u00a0Integration: Scale Triage &amp; Respond with Confidence\",\"datePublished\":\"2026-06-25T11:56:11+00:00\",\"dateModified\":\"2026-06-25T13:30:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/torq-integration\\\/\"},\"wordCount\":1289,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/any.run\\\/\"},\"image\":{\"@id\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/torq-integration\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/torq_blog-scaled.png\",\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"release\",\"update\"],\"articleSection\":[\"Integrations &amp; connectors\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/torq-integration\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/torq-integration\\\/\",\"url\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/torq-integration\\\/\",\"name\":\"ANY.RUN & Torq: Scale Triage & Respond with 
Confidence\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/any.run\\\/\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/torq-integration\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/torq-integration\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/torq_blog-scaled.png\",\"datePublished\":\"2026-06-25T11:56:11+00:00\",\"dateModified\":\"2026-06-25T13:30:11+00:00\",\"description\":\"Bridge the gap between alerts and confident response in your SOC by integrating ANY.RUN's sandbox and threat intelligence in Torq.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/torq-integration\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/torq-integration\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/torq-integration\\\/#primaryimage\",\"url\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/torq_blog-scaled.png\",\"contentUrl\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/torq_blog-scaled.png\",\"width\":2560,\"height\":1243},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/torq-integration\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Integrations &amp; connectors\",\"item\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/category\\\/integrations-connectors\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"ANY.RUN &amp; Torq\u00a0Integration: Scale Triage &amp; Respond with 
Confidence\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/any.run\\\/\",\"url\":\"https:\\\/\\\/any.run\\\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\\\/\\\/any.run\\\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/any.run\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/any.run\\\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\\\/\\\/any.run\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/any.run\\\/\",\"url\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\\\/\\\/any.run\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/www.any.run\\\/\",\"https:\\\/\\\/x.com\\\/anyrun_app\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/30692044\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/any.run\\\/\",\"name\":\"ANY.RUN\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4a921d1fbcf45a0476667c89b7999bc2bb3c028b518acc569da69c8797e53a84?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4a921d1fbcf45a0476667c89b7999bc2bb3c028b518acc569da69c8797e53a84?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4a921d1fbcf45a0476667c89b7999bc2bb3c028b518acc569da69c8797e53a84?s=96&d=mm&r=g\",\"capt
ion\":\"ANY.RUN\"},\"url\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/author\\\/a-bespalova\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/21801","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"hr
ef":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=21801"}],"version-history":[{"count":13,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/21801\/revisions"}],"predecessor-version":[{"id":21821,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/21801\/revisions\/21821"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/21804"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=21801"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=21801"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=21801"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}