Integrating ANY.RUN’s solutions with the Splunk platform is seamless with the ANY.RUN Add-on for Splunk. Easily connect your Splunk platform with all three flagship products by ANY.RUN – Interactive Sandbox, Threat Intelligence Lookup (TI Lookup), and Threat Intelligence Feeds (TI Feeds) – for faster investigations and response.
The app unlocks access to real-time updates, quick verdicts, and actionable statistics directly in Splunk, empowering analysts with automated enrichment and instant visibility into threats.
Use cases:
– Quick Verification: Analyze suspicious URLs from Splunk events in ANY.RUN Sandbox for rapid verdicts. Analysis results are stored as new Splunk events, with extracted IOCs captured for proactive detection of similar threats.
– Instant Enrichment: Enrich IOCs (hashes, IPs, domains, URLs) with threat context via TI Lookup. Tags, industry insights, and linked sandbox analyses will be automatically imported to Splunk.
– Real-Time Threat Data Import: Automated delivery of IOCs from TI Feeds to Splunk surfaces the latest data on threats investigated by 15,000+ SOC teams worldwide.
Benefits:
– Faster Decision-Making: Accelerate MTTR with immediate verdicts and actionable insights.
– No Blind Spots: Contextualize alerts with fresh threat data for confident decisions.
– Verified Data: Near-zero false-positive rate to save time and reduce workload.
– Deep Visibility: From high-level insights to in-depth technical details, the app ensures visibility at all depth levels.
Created By
ANY.RUN, an official Splunk Partner