ANY.RUN and MISP Announce Integration to Accelerate Threat Validation and Strengthen SOC Efficiency

DUBAI, DUBAI, UNITED ARAB EMIRATES, January 22, 2026 /EINPresswire.com/ -- ANY.RUN has launched a new integration with MISP that helps SOC teams validate threats faster and enrich investigations with behavior-based evidence. The integration brings sandbox detonation, IOC extraction, MITRE ATT&CK mapping, and real-time threat intelligence directly into MISP events, reducing manual work and improving the accuracy of security decisions.

𝐁𝐞𝐡𝐚𝐯𝐢𝐨𝐫-𝐃𝐫𝐢𝐯𝐞𝐧 𝐈𝐧𝐬𝐢𝐠𝐡𝐭 𝐃𝐢𝐫𝐞𝐜𝐭𝐥𝐲 𝐢𝐧 𝐌𝐈𝐒𝐏

The integration lets analysts detonate files and URLs directly from MISP and receive the full output back into the event: verdicts, IOCs, ATT&CK techniques, and reports. ANY.RUN TI Feeds complement this by supplying continuously updated malicious indicators, giving MISP users a reliable blend of behavior evidence and IOC intelligence.

𝐄𝐟𝐟𝐢𝐜𝐢𝐞𝐧𝐜𝐲 𝐚𝐧𝐝 𝐀𝐜𝐜𝐮𝐫𝐚𝐜𝐲 𝐈𝐦𝐩𝐫𝐨𝐯𝐞𝐦𝐞𝐧𝐭𝐬 𝐟𝐨𝐫 𝐒𝐎𝐂𝐬

The integration introduces several measurable improvements that strengthen triage, accelerate investigations, and support more efficient response operations.

· 𝗥𝗲𝗱𝘂𝗰𝗲𝗱 𝗠𝗧𝗧𝗥: Behavioral detonation, automated verdicts, and IOC extraction accelerate alert validation and shorten investigation cycles.

· 𝗦𝘁𝗿𝗼𝗻𝗴𝗲𝗿 𝘁𝗿𝗶𝗮𝗴𝗲 𝗾𝘂𝗮𝗹𝗶𝘁𝘆: Real execution evidence and ATT&CK mapping replace guesswork with full context, improving accuracy and reducing noise.

· 𝗛𝗶𝗴𝗵𝗲𝗿 𝗮𝗻𝗮𝗹𝘆𝘀𝘁 𝗲𝗳𝗳𝗶𝗰𝗶𝗲𝗻𝗰𝘆: Analysts can submit samples, review results, and enrich events without leaving MISP, removing manual steps and tool switching.

· 𝗦𝘁𝗮𝗯𝗹𝗲 𝗦𝗟𝗔 𝗽𝗲𝗿𝗳𝗼𝗿𝗺𝗮𝗻𝗰𝗲 𝗳𝗼𝗿 𝗠𝗦𝗦𝗣𝘀: Faster enrichment and consistent behavioral context strengthen service quality and help maintain customer response timelines.

· 𝗚𝗿𝗲𝗮𝘁𝗲𝗿 𝘁𝗵𝗿𝗼𝘂𝗴𝗵𝗽𝘂𝘁 𝘄𝗶𝘁𝗵𝗼𝘂𝘁 𝗻𝗲𝘄 𝗵𝗶𝗿𝗲𝘀: Automated analysis and continuous IOC updates increase SOC capacity during peak activity without expanding the team.

To explore its full capabilities and see how it strengthens investigation workflows, visit the ANY.RUN blog.

The integration requires no custom development and works as soon as it is enabled inside MISP. Teams can adopt behavior-driven triage and enrichment in minutes.

𝐀𝐛𝐨𝐮𝐭 𝐀𝐍𝐘.𝐑𝐔𝐍

ANY.RUN helps security teams understand threats faster and take action with confidence. Trusted by more than 500,000 security professionals and over 15,000 organizations worldwide, the solution combines interactive malware analysis with real-time threat intelligence to support accurate triage and quicker response. Its Interactive Sandbox, Threat Intelligence Lookup, and Threat Intelligence Feeds provide clear behavioral evidence and up-to-date context for SOC and incident response operations.

The ANY.RUN team
ANYRUN FZCO
+1 657-366-5050
email us here
Visit us on social media:
LinkedIn
YouTube
X

Legal Disclaimer:

EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.