
anyrun/anyrun-integration-opencti

ANY.RUN connectors for OpenCTI

This repository provides integrations of the OpenCTI threat intelligence platform with ANY.RUN's services: Interactive Sandbox, Threat Intelligence Lookup, and Threat Intelligence Feeds.

The connectors are Docker-ready, API-driven, and easy to configure. By combining real-time sandbox intelligence with external data sources, this solution strengthens threat detection, investigation, and response workflows within the OpenCTI environment.

Connector capabilities

Interactive Sandbox: Early detection of evasive threats

The connector for the Interactive Sandbox enables automated submission of files and URLs from OpenCTI for dynamic malware analysis. It retrieves detailed sandbox reports—including network activity, dropped files, and MITRE ATT&CK techniques—that enrich observables in OpenCTI. These insights help analysts rapidly assess threats and improve the incident detection rate to minimize response delays and breach risks.

See documentation

Threat Intelligence Lookup: Faster triage, informed response, and proactive hunting

The connector for Threat Intelligence Lookup allows for enriching OpenCTI artifacts with context from live attack data from over 15K SOCs. It shortens investigation time by providing rapid insights into malicious URLs, IPs, domains, and hashes. This critical context helps security teams streamline triage, cut MTTD, improve incident response, and identify hidden malware in high alert volume environments.

See documentation

Threat Intelligence Feeds: Fresh malicious indicators for expanded threat coverage

The connector for Threat Intelligence Feeds supports ingestion of high-fidelity indicators of compromise (IPs, domains, URLs), extracted directly from real-time detonations of the latest threats inside ANY.RUN’s Interactive Sandbox. TI Feeds continuously supply fresh IOCs every two hours, ensuring SOC teams receive actionable intelligence on attacks still active in the wild. This enables SOCs to monitor emerging threats and update defenses proactively, minimizing the risk of undetected attacks.

See documentation

Request support or access to ANY.RUN’s products

Feel free to reach out to us for help with integration, a quote, or a demo via the contact form.
