{"id":7237,"date":"2025-08-14T11:23:24","date_gmt":"2025-08-14T11:23:24","guid":{"rendered":"\/cybersecurity-blog\/?p=7237"},"modified":"2025-09-29T05:52:26","modified_gmt":"2025-09-29T05:52:26","slug":"opencti-integration","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/opencti-integration\/","title":{"rendered":"ANY.RUN &amp; OpenCTI: Transform SOC for Maximum Performance"},"content":{"rendered":"\n<p><a href=\"https:\/\/any.run\/cybersecurity-blog\/action-plan-for-soc-webinar-recap\/\" target=\"_blank\" rel=\"noreferrer noopener\">Security Operations Centers<\/a> (SOCs) face an overwhelming volume of threat alerts, making it difficult to separate real threats from false positives without heavy resource use.&nbsp;<\/p>\n\n\n\n<p>For teams already working with, or planning to adopt Filigran&#8217;s&nbsp;<strong>OpenCTI<\/strong>, <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=opencti_connector&amp;utm_term=140825&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a> now offers powerful interoperability that bring real-time malware analysis and fresh threat intelligence directly into your existing workflows. This helps SOCs boost efficiency, cut response times, and act with confidence, all without replacing current tools.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Build Faster Response in OpenCTI with ANY.RUN&nbsp;<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"531\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-4-1024x531.png\" alt=\"\" class=\"wp-image-15437\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-4-1024x531.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-4-300x156.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-4-768x398.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-4-1536x797.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-4-2048x1062.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-4-370x192.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-4-270x140.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image-4-740x384.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>ANY.RUN connectors inside OpenCTI<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>ANY.RUN now offers dedicated OpenCTI connectors for its main products, allowing SOC teams to use them with their existing security stack seamlessly. This means there is no need to change existing processes and tools, making interoperability simple for those already using OpenCTI.&nbsp;<\/p>\n\n\n\n<p>Available for ANY.RUN\u2019s <a href=\"https:\/\/any.run\/cybersecurity-blog\/anyrun-enterprise-plan\/\" target=\"_blank\" rel=\"noreferrer noopener\">Enterprise plan<\/a> users, it is designed to improve SOC metrics for incident detection and response, streamline routine tasks, reduce response times, and provide deep analytics.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/any.run\/features\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=opencti_connector&amp;utm_term=140825&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Interactive Sandbox<\/strong><\/a>: Automate analysis of suspicious files and URLs to quickly understand their threat level, TTPs, and <a href=\"https:\/\/any.run\/cybersecurity-blog\/indicators-of-compromise\/\" target=\"_blank\" rel=\"noreferrer noopener\">collect IOCs<\/a>.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/any.run\/threat-intelligence-lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=opencti_connector&amp;utm_term=140825&amp;utm_content=linktotilookuplanding\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Threat Intelligence Lookup<\/strong><\/a>: Enrich observables with threat context based on fresh live attack data.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/any.run\/threat-intelligence-feeds\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=opencti_connector&amp;utm_term=140825&amp;utm_content=linktotifeedslanding\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Threat Intelligence Feeds<\/strong><\/a>: Stay updated on the active threats with filtered, actionable network IOCs from the latest malware samples.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>You can connect any combination of these connectors based on their specific needs and licenses.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/github.com\/anyrun\/anyrun-integration-opencti\/tree\/main\" target=\"_blank\" rel=\"noreferrer noopener\">View documentation on GitHub \u2192<\/a>&nbsp;<\/p>\n\n\n\n<p>This connectors ensure that accurate threat info is accessible in just a few clicks, significantly boosting SOC effectiveness.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"531\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image2-1-1024x531.png\" alt=\"\" class=\"wp-image-15441\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image2-1-1024x531.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image2-1-300x156.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image2-1-768x399.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image2-1-1536x797.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image2-1-2048x1063.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image2-1-370x192.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image2-1-270x140.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image2-1-740x384.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Detailed documentation on how to set up the OpenCTI connector<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<h2 class=\"wp-block-heading\">Automate Threat Analysis for Early Detection with Interactive Sandbox&nbsp;<\/h2>\n\n\n\n<p>ANY.RUN&#8217;s <a href=\"https:\/\/any.run\/features\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=opencti_connector&amp;utm_term=140825&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">Interactive Sandbox<\/a> is a cloud-based service that provides SOC teams with instant access to fully interactive Windows, Linux, and Android virtual machines for analyzing suspicious files and URLs.&nbsp;&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"568\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image3-1-1024x568.png\" alt=\"\" class=\"wp-image-15444\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image3-1-1024x568.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image3-1-300x167.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image3-1-768x426.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image3-1-1536x853.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image3-1-2048x1137.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image3-1-370x205.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image3-1-270x150.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image3-1-740x411.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Malicious URL with its related IOCs detected by ANY.RUN sandbox<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>With the OpenCTI connector, SOC teams can:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Send files or URLs directly from OpenCTI for instant analysis in ANY.RUN&#8217;s Interactive Sandbox.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Automate the execution of multi-stage attacks to reach the final stage of an attack.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enrich observables in OpenCTI with indicators obtained from the sandbox analysis.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p><a href=\"https:\/\/github.com\/anyrun\/anyrun-integration-opencti\/tree\/main\/anyrun-integration-sandbox\" target=\"_blank\" rel=\"noreferrer noopener\">Use documentation to set up the connector \u2192<\/a>&nbsp;<\/p>\n\n\n\n<p>The connector leverages the <a href=\"https:\/\/any.run\/cybersecurity-blog\/automated-interactivity-stage-two\/\" target=\"_blank\" rel=\"noreferrer noopener\">Automated Interactivity<\/a> feature. It allows for automated execution of user actions like archive extraction, CAPTCHA solution, and payload launching to trigger each stage of an attack and ensure complete detection of the most evasive threats.&nbsp;&nbsp;<\/p>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nIntegrate ANY.RUN\u2019s <span class=\"highlight\">Interactive Sandbox in your SOC<\/span><br>Automate threat analysis, cut MTTD, &#038; boost detection rate &nbsp;  \n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/app.any.run\/contact-us\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=opencti_connector&#038;utm_term=140825&#038;utm_content=linktocontactus\" target=\"_blank\" rel=\"noopener\">\nContact us for a quote or trial\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<p>The sandbox logs and marks malicious <a href=\"https:\/\/any.run\/cybersecurity-blog\/how-to-analyze-malicious-network-traffic\/\" target=\"_blank\" rel=\"noreferrer noopener\">network traffic<\/a>, processes, registry, and file modifications, providing immediate visibility into threat behavior.&nbsp;<\/p>\n\n\n\n<p>Here\u2019s a typical scenario of how you can use the connector in your SOC:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Analysis<\/strong>: Analysts can send files or URLs for automated sandbox analysis directly from OpenCTI.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Decision Making<\/strong>: Results from the sandbox analysis are used to assess threats and make informed decisions.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Response and Escalation<\/strong>: Based on the results, analysts can isolate threats, block malicious activities, or escalate incidents as needed.&nbsp;<\/li>\n<\/ul>\n\n\n\n<!-- Highlight Block HTML START -->\n<div class=\"window\">\n  <div class=\"window-header\">\n    <div class=\"pill\">\u261d\ufe0f Benefits the Interactive Sandbox in OpenCTI <\/div>\n  <\/div>\n  <div class=\"window-body\">\n    <ul>\n      <li>Reduced manual effort with analysis automation.<\/li>\n      <li>Higher detection rate with deep insights into threat behavior. <\/li>\n<li>Shorter MTTR with fast identification of malware and detailed reports for informed mitigation.<\/li>\n    <\/ul>\n  <\/div>\n<\/div>\n<!-- Highlight Block HTML END -->\n\n\n<!-- Highlight Block CSS START -->\n<style>\n  .window {\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n\n    border-radius: 4px;\n    margin: 20px auto 50px auto;\n    padding: 20px 40px;\n    line-height: 2rem;\n  }\n\n  .window-header {\n    display: flex;\n    justify-content: center;\n    margin-bottom: 20px;\n  }\n\n  .pill {\n    background-color: #fff;\n    border-radius: 20px;\n    color: #333;\n    font-weight: bold;\n    padding: 8px 32px;\nborder: 1px solid rgba(75, 174, 227, 0.32);\n  }\n\n  @media (max-width: 480px) {\n    .window {\n      padding: 10px;\n    }\n    \n    .pill {\n      font-size: 14px;\n      padding: 6px 12px;\n    }\n  }\n<\/style>\n<!-- Highlight Block CSS END -->\n\n\n\n<h2 class=\"wp-block-heading\">Enrich Incidents with Live Attack Data from 15K Organizations via Threat Intelligence Lookup&nbsp;<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"482\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image4-1024x482.png\" alt=\"\" class=\"wp-image-15446\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image4-1024x482.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image4-300x141.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image4-768x361.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image4-1536x723.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image4-2048x964.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image4-370x174.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image4-270x127.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image4-740x348.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Malicious URL with its related relationships detected by ANY.RUN TI Lookup inside OpenCTI<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>ANY.RUN&#8217;s <a href=\"https:\/\/intelligence.any.run\/analysis\/lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=opencti_connector&amp;utm_term=140825&amp;utm_content=linktotilookup\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Lookup<\/a> provides a searchable database of fresh Indicators of Compromise (IOCs), Behavior (IOBs), and Action (IOAs). This data is extracted from live sandbox analyses of active malware and phishing attacks across 15,000 organizations, ensuring the indicators are fresh and available quickly after an attack.&nbsp;<\/p>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\n<span class=\"highlight\">Enrich IOCs with threat context<\/span> in TI Lookup  <br> Act faster. Slash MTTR. Stop breaches early&nbsp;  \n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/intelligence.any.run\/plans\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=opencti_connector&#038;utm_term=140825&#038;utm_content=linktotiplans\" target=\"_blank\" rel=\"noopener\">\nContact us for a quote or trial\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<p>With the OpenCTI connector, SOC teams can:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Browse indicators in TI Lookup without leaving OpenCTI&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Receive data related to URL, IP, domain, and hash observables to gain actionable insights&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use collected intel for incident response, to create new rules, train models, update playbooks, etc.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p><a href=\"https:\/\/github.com\/anyrun\/anyrun-integration-opencti\/tree\/main\/anyrun-integration-ti-lookup\" target=\"_blank\" rel=\"noreferrer noopener\">Use documentation to set up the connector \u2192<\/a>&nbsp;<\/p>\n\n\n\n<p>Here\u2019s a typical scenario of how you can use the connector in your SOC:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Incident Enrichment<\/strong>: Analysts use TI Lookup to enrich incidents with detailed threat intelligence directly from OpenCTI.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Threat Assessment<\/strong>: Analysts rapidly assess threats using up-to-date data and behavioral context.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Response and Process Improvement<\/strong>: Enriched data aids in creating effective rules, updating playbooks, and improving detection models.&nbsp;<\/li>\n<\/ul>\n\n\n\n<!-- Highlight Block HTML START -->\n<div class=\"window\">\n  <div class=\"window-header\">\n    <div class=\"pill\">\u261d\ufe0f benefits of TI Lookup in OpenCTI <\/div>\n  <\/div>\n  <div class=\"window-body\">\n    <ul>\n      <li>Automatic incident enrichment by pulling detailed threat intelligence for various indicator types. <\/li>\n      <li>Adding behavioral threat context to indicators, providing a deeper understanding. <\/li>\n<li>Speeding up threat assessment using high-quality, up-to-date data.<\/li>\n    <\/ul>\n  <\/div>\n<\/div>\n<!-- Highlight Block HTML END -->\n\n\n<!-- Highlight Block CSS START -->\n<style>\n  .window {\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n\n    border-radius: 4px;\n    margin: 20px auto 50px auto;\n    padding: 20px 40px;\n    line-height: 2rem;\n  }\n\n  .window-header {\n    display: flex;\n    justify-content: center;\n    margin-bottom: 20px;\n  }\n\n  .pill {\n    background-color: #fff;\n    border-radius: 20px;\n    color: #333;\n    font-weight: bold;\n    padding: 8px 32px;\nborder: 1px solid rgba(75, 174, 227, 0.32);\n  }\n\n  @media (max-width: 480px) {\n    .window {\n      padding: 10px;\n    }\n    \n    .pill {\n      font-size: 14px;\n      padding: 6px 12px;\n    }\n  }\n<\/style>\n<!-- Highlight Block CSS END -->\n\n\n\n<h2 class=\"wp-block-heading\">Expand Threat Coverage and Proactive Defense with Threat Intelligence Feeds&nbsp;<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"532\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image5-1024x532.png\" alt=\"\" class=\"wp-image-15448\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image5-1024x532.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image5-300x156.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image5-768x399.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image5-1536x799.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image5-2048x1065.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image5-370x192.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image5-270x140.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/03\/image5-740x385.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Indicators gathered by ANY.RUN\u2019s TI Feeds inside OpenCTI<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p><a href=\"https:\/\/any.run\/threat-intelligence-feeds\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=opencti_connector&amp;utm_term=140825&amp;utm_content=linktotifeedslanding\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Feeds<\/a> help MSSPs and SOCs fortify their security with filtered, high-fidelity indicators of compromise (IPs, domains, URLs) enriched with context from ANY.RUN\u2019s Interactive Sandbox. Sourced from real-time sandbox investigations of active attacks across 15,000 organizations, ANY.RUN\u2019s feeds are updated in real time, allowing you to track threats as they emerge, develop, and spread to take critical security actions early.\u00a0<\/p>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nBoost detection and expand threat coverage <br> in your SOC with <span class=\"highlight\">TI Feeds from ANY.RUN<\/span> in TI Lookup&nbsp;  \n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/any.run\/threat-intelligence-feeds\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=opencti_connector&#038;utm_term=140825&#038;utm_content=linktotifeedslanding#contact-sales\" target=\"_blank\" rel=\"noopener\">\nRequest 14-day trial\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<p>With the OpenCTI connector, SOC teams can:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Retrieve real-time, up-to-date indicators and insights derived from attack investigations.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use ANY.RUN&#8217;s data in real-time or on a schedule as a source of malicious indicators for analyzing or investigating alerts and incidents.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Send data to other security systems like SIEM or EDR, further improving detection quality.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p><a href=\"https:\/\/github.com\/anyrun\/anyrun-integration-opencti\/tree\/main\/anyrun-integration-ti-feed\" target=\"_blank\" rel=\"noreferrer noopener\">Use documentation to set up the connector \u2192<\/a>&nbsp;<\/p>\n\n\n\n<p>Here\u2019s a typical scenario of how you can use the connector in your SOC:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Expanded Threat Monitoring<\/strong>: Clients connect TI Feeds to OpenCTI to use real-time threat data for analyzing alerts and incidents.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Detection and Response<\/strong>: Enhanced detection quality allows for better threat identification and response.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Proactive Defense<\/strong>: Data from TI Feeds supports the creation of new rules, training models, and updating playbooks and dashboards.&nbsp;<\/li>\n<\/ul>\n\n\n\n<!-- Highlight Block HTML START -->\n<div class=\"window\">\n  <div class=\"window-header\">\n    <div class=\"pill\">\u261d\ufe0f Benefits of TI Feeds in OpenCTI<\/div>\n  <\/div>\n  <div class=\"window-body\">\n    <ul>\n      <li>Proactive threat management by providing current and fresh data from active attacks. <\/li>\n      <li>Improved quality of detection in various security systems. <\/li>\n<li>Enhanced ability to identify threats at earlier stages. <\/li>\n    <\/ul>\n  <\/div>\n<\/div>\n<!-- Highlight Block HTML END -->\n\n\n<!-- Highlight Block CSS START -->\n<style>\n  .window {\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n\n    border-radius: 4px;\n    margin: 20px auto 50px auto;\n    padding: 20px 40px;\n    line-height: 2rem;\n  }\n\n  .window-header {\n    display: flex;\n    justify-content: center;\n    margin-bottom: 20px;\n  }\n\n  .pill {\n    background-color: #fff;\n    border-radius: 20px;\n    color: #333;\n    font-weight: bold;\n    padding: 8px 32px;\nborder: 1px solid rgba(75, 174, 227, 0.32);\n  }\n\n  @media (max-width: 480px) {\n    .window {\n      padding: 10px;\n    }\n    \n    .pill {\n      font-size: 14px;\n      padding: 6px 12px;\n    }\n  }\n<\/style>\n<!-- Highlight Block CSS END -->\n\n\n\n<h2 class=\"wp-block-heading\">How OpenCTI Connectors Can Help Your Business&nbsp;<\/h2>\n\n\n\n<p>The interoperability of ANY.RUN with OpenCTI provides significant user and business value, leading to measurable performance gains across the SOC.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Reduced costs and time savings <\/strong>by eliminating the need for custom development and allowing analysts to focus on critical threats.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Increased SOC efficiency <\/strong>through streamlined triage, investigation, and escalation for Tier 1 and Tier 2 analysts.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Automation of routine tasks<\/strong>, such as manually copying artifacts or launching analyses, which reduces analyst burnout.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Reduced Mean Time to Detect (MTTD) <\/strong>and Mean Time to Respond (MTTR), enhancing overall SOC metrics.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Enhanced decision-making <\/strong>and process improvement by providing detailed reports and enriched data for creating effective rules, updating response playbooks, and training detection models.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Proactive threat management <\/strong>and early threat detection by uncovering stealthy or multi-stage attacks that traditional tools might miss.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Stronger ROI from existing tools <\/strong>by extending the capabilities of OpenCTI with behavioral analysis and contextual enrichment without additional infrastructure.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&nbsp;<\/h2>\n\n\n\n<p>Trusted by over&nbsp;<strong>500,000 cybersecurity professionals<\/strong>&nbsp;and&nbsp;<strong>15,000+ organizations<\/strong>&nbsp;in finance, healthcare, manufacturing, and other critical industries,&nbsp;<a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=opencti_connector&amp;utm_term=140825&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>ANY.RUN<\/strong><\/a>&nbsp;helps security teams investigate threats faster and with greater accuracy.&nbsp;<\/p>\n\n\n\n<p>Our&nbsp;<a href=\"https:\/\/any.run\/features\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=opencti_connector&amp;utm_term=140825&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Interactive Sandbox<\/strong><\/a>&nbsp;accelerates incident response by allowing you to analyze suspicious files in real time, watch behavior as it unfolds, and make confident, well-informed decisions.&nbsp;<\/p>\n\n\n\n<p>Our&nbsp;<a href=\"https:\/\/any.run\/threat-intelligence-lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=opencti_connector&amp;utm_term=140825&amp;utm_content=linktotilookuplanding\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Threat Intelligence Lookup<\/strong><\/a>&nbsp;and&nbsp;<a href=\"https:\/\/any.run\/threat-intelligence-feeds\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=opencti_connector&amp;utm_term=140825&amp;utm_content=linktotifeedslanding\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Threat Intelligence Feeds<\/strong><\/a>&nbsp;strengthen detection by providing the context your team needs to anticipate and stop today\u2019s most advanced attacks.&nbsp;<\/p>\n\n\n\n<p>Ready to see the difference?&nbsp;<a href=\"https:\/\/any.run\/demo\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=opencti_connector&amp;utm_term=140825&amp;utm_content=linktodemo\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Start your 14-day trial of ANY.RUN today<\/strong><\/a><strong> \u2192<\/strong>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security Operations Centers (SOCs) face an overwhelming volume of threat alerts, making it difficult to separate real threats from false positives without heavy resource use.&nbsp; For teams already working with, or planning to adopt Filigran&#8217;s&nbsp;OpenCTI, ANY.RUN now offers powerful interoperability that bring real-time malware analysis and fresh threat intelligence directly into your existing workflows. This [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":15451,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[81],"tags":[57,10,54,34,55,56],"class_list":["post-7237","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-integrations-connectors","tag-anyrun","tag-cybersecurity","tag-features","tag-malware-analysis","tag-release","tag-update"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>ANY.RUN &amp; OpenCTI: Transform SOC for Maximum Performance - ANY.RUN&#039;s Cybersecurity Blog<\/title>\n<meta name=\"description\" content=\"Power your OpenCTI workflows with ANY.RUN\u2019s fast malware analysis and actionable threat intel to boost detection and cut MTTR.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/opencti-integration\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/opencti-integration\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/opencti-integration\/\"},\"author\":{\"name\":\"ANY.RUN\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"ANY.RUN &amp; OpenCTI: Transform SOC for Maximum Performance\",\"datePublished\":\"2025-08-14T11:23:24+00:00\",\"dateModified\":\"2025-09-29T05:52:26+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/opencti-integration\/\"},\"wordCount\":1399,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"features\",\"malware analysis\",\"release\",\"update\"],\"articleSection\":[\"Integrations &amp; connectors\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/opencti-integration\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/opencti-integration\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/opencti-integration\/\",\"name\":\"ANY.RUN &amp; OpenCTI: Transform SOC for Maximum Performance - ANY.RUN&#039;s Cybersecurity Blog\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2025-08-14T11:23:24+00:00\",\"dateModified\":\"2025-09-29T05:52:26+00:00\",\"description\":\"Power your OpenCTI workflows with ANY.RUN\u2019s fast malware analysis and actionable threat intel to boost detection and cut MTTR.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/opencti-integration\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/opencti-integration\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/opencti-integration\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Integrations &amp; connectors\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/integrations-connectors\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"ANY.RUN &amp; OpenCTI: Transform SOC for Maximum Performance\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"caption\":\"ANY.RUN\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"ANY.RUN &amp; OpenCTI: Transform SOC for Maximum Performance - ANY.RUN&#039;s Cybersecurity Blog","description":"Power your OpenCTI workflows with ANY.RUN\u2019s fast malware analysis and actionable threat intel to boost detection and cut MTTR.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/opencti-integration\/","twitter_misc":{"Written by":"ANY.RUN","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/opencti-integration\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/opencti-integration\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"ANY.RUN &amp; OpenCTI: Transform SOC for Maximum Performance","datePublished":"2025-08-14T11:23:24+00:00","dateModified":"2025-09-29T05:52:26+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/opencti-integration\/"},"wordCount":1399,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","features","malware analysis","release","update"],"articleSection":["Integrations &amp; connectors"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/opencti-integration\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/opencti-integration\/","url":"https:\/\/any.run\/cybersecurity-blog\/opencti-integration\/","name":"ANY.RUN &amp; OpenCTI: Transform SOC for Maximum Performance - ANY.RUN&#039;s Cybersecurity Blog","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2025-08-14T11:23:24+00:00","dateModified":"2025-09-29T05:52:26+00:00","description":"Power your OpenCTI workflows with ANY.RUN\u2019s fast malware analysis and actionable threat intel to boost detection and cut MTTR.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/opencti-integration\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/opencti-integration\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/opencti-integration\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Integrations &amp; connectors","item":"https:\/\/any.run\/cybersecurity-blog\/category\/integrations-connectors\/"},{"@type":"ListItem","position":3,"name":"ANY.RUN &amp; OpenCTI: Transform SOC for Maximum Performance"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/7237"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=7237"}],"version-history":[{"count":20,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/7237\/revisions"}],"predecessor-version":[{"id":16089,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/7237\/revisions\/16089"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/15451"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=7237"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=7237"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=7237"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}