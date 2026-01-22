DUBAI, DUBAI, UNITED ARAB EMIRATES, January 22, 2026 /EINPresswire.com/ -- ANY.RUN has launched a new integration with MISP that helps SOC teams validate threats faster and enrich investigations with behavior-based evidence. The integration brings sandbox detonation, IOC extraction, MITRE ATT&CK mapping, and real-time threat intelligence directly into MISP events, reducing manual work and improving the accuracy of security decisions.

The integration lets analysts detonate files and URLs directly from MISP and receive the full output back into the event: verdicts, IOCs, ATT&CK techniques, and reports. ANY.RUN TI Feeds complement this by supplying continuously updated malicious indicators, giving MISP users a reliable blend of behavior evidence and IOC intelligence.

The integration introduces several measurable improvements that strengthen triage, accelerate investigations, and support more efficient response operations.

· 𝗥𝗲𝗱𝘂𝗰𝗲𝗱 𝗠𝗧𝗧𝗥: Behavioral detonation, automated verdicts, and IOC extraction accelerate alert validation and shorten investigation cycles.

· 𝗦𝘁𝗿𝗼𝗻𝗴𝗲𝗿 𝘁𝗿𝗶𝗮𝗴𝗲 𝗾𝘂𝗮𝗹𝗶𝘁𝘆: Real execution evidence and ATT&CK mapping replace guesswork with full context, improving accuracy and reducing noise.

· 𝗛𝗶𝗴𝗵𝗲𝗿 𝗮𝗻𝗮𝗹𝘆𝘀𝘁 𝗲𝗳𝗳𝗶𝗰𝗶𝗲𝗻𝗰𝘆: Analysts can submit samples, review results, and enrich events without leaving MISP, removing manual steps and tool switching.

· 𝗦𝘁𝗮𝗯𝗹𝗲 𝗦𝗟𝗔 𝗽𝗲𝗿𝗳𝗼𝗿𝗺𝗮𝗻𝗰𝗲 𝗳𝗼𝗿 𝗠𝗦𝗦𝗣𝘀: Faster enrichment and consistent behavioral context strengthen service quality and help maintain customer response timelines.

· 𝗚𝗿𝗲𝗮𝘁𝗲𝗿 𝘁𝗵𝗿𝗼𝘂𝗴𝗵𝗽𝘂𝘁 𝘄𝗶𝘁𝗵𝗼𝘂𝘁 𝗻𝗲𝘄 𝗵𝗶𝗿𝗲𝘀: Automated analysis and continuous IOC updates increase SOC capacity during peak activity without expanding the team.

To explore its full capabilities and see how it strengthens investigation workflows, visit the ANY.RUN blog.

The integration requires no custom development and works as soon as it is enabled inside MISP. Teams can adopt behavior-driven triage and enrichment in minutes.

ANY.RUN helps security teams understand threats faster and take action with confidence. Trusted by more than 500,000 security professionals and over 15,000 organizations worldwide, the solution combines interactive malware analysis with real-time threat intelligence to support accurate triage and quicker response. Its Interactive Sandbox, Threat Intelligence Lookup, and Threat Intelligence Feeds provide clear behavioral evidence and up-to-date context for SOC and incident response operations.

