ANY.RUN TI Feed
This Integration is part of the ANY.RUN Pack.#
Supported versions
Supported Cortex XSOAR versions: 6.0.0 and later.
Threat Intelligence Feed provide data on the known indicators of compromise: malicious IPs, URLs, Domains
Generate Basic auth token#
Please Contact your ANY.RUN account manager to get your basic token
Configure ANY.RUN Feed in Cortex#
- Navigate to Settings > Integrations > Servers & Services.
- Search for ANY.RUN.
- Click Add instance to create and configure a new integration instance.
- Insert ANY.RUN TI Feed Basic Token into the Password parameter
- Please use "ANY.RUN" as username.
- Click Test to validate the URLs, token, and connection.
| Parameter | Description | Required |
|---|---|---|
| Password | Example. Basic ั2vtio5fbl...l0Rvaag== | True |
Commands#
You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
anyrun-get-indicators#
Receive ANY.RUN Indicators
Base Command#
anyrun-get-indicators
Input#
| Argument Name | Description | Required |
|---|---|---|
| collection | ANY.RUN indicator collection type. Supports: full, ip, url, domain. Possible values are: full, ip, url, domain. | Optional |
| match_type | Filter results based on the STIX object types. | Optional |
| match_id | IOC identifier. | Optional |
| match_revoked | Enable or disable receiving revoked feeds in report. Default is False. | Optional |
| match_version | Filter STIX objects by their object version. Default is last. | Optional |
| added_after | Receive IOCs after specified date. Format: YYYY-MM-DD. | Optional |
| modified_after | Receive IOCs after specified date. Format: YYYY-MM-DD. | Required |
| limit | Number of tasks on a page. Default, all IOCs are included. Default is 100. | Optional |
Context Output#
There is no context output for this command.