This repository contains official connectors developed by ANY.RUN for easy integration with MISP products.
ANY.RUN's Threat Intelligence Feeds connector for MISP delivers fresh, high-confidence Indicators of Compromise (IPs, domains, URLs) enriched by contextual threat data from ANY.RUN’s Interactive Sandbox into MISP events.
Sourced from real-time investigations of active attacks across 15,000+ organizations, TI Feeds integrate seamlessly with SIEMs/XDRs/firewalls and other security solutions for detection, monitoring, and identification of malicious events.
ANY.RUN’s feeds are updated in real time, allowing you to track threats as they emerge, develop, and spread to take critical security actions early.
- Unique data: Fresh indicators from live detonations of attacks with links to sandbox sessions with full threat context, including TTPs.
- No false alerts: Reliable IOCs with a near-zero false positive rate thanks to pre-processing.
- Prioritization of incidents: SOC teams use TI Feeds as part of alert triage, incident response, and proactive hunting to effectively handle urgent threats.
For details on how you can make ANY.RUN's solutions a part of your infrastructure, contact us. For technical assistance, reach out to support@any.run.