Integrate Threat Intelligence Feeds via TAXII Protocol 

ANY.RUN’s Threat Intelligence Feeds (TI Feeds) provide security teams with exclusive intel on threats targeting 15,000 companies worldwide. With TAXII protocol, you can safely and easily reinforce your company’s proactive detection with TI Feeds.  

Why Use TAXII for TI Feeds? 

TAXII (Trusted Automated eXchange of Indicator Information) allows for swift and comfortable delivery of threat intelligence feeds. It’s a popular standard acknowledged for its security and usability. 

TI Feeds are available for integration with the support of TAXII protocol. With this combo, you’ll achieve: 

• Seamless Compatibility with Security Systems: TAXII ensures effortless integration with SIEM, EDR/XDR, NGFW, and TIP solutions. 

• Secure and Standardized Data Exchange: TAXII provides a secure framework for transferring threat intelligence.  

• Customizable Data Delivery: TAXII allows you to tailor the data you receive, whether it’s all available IOCs or specific types like IPs, URLs, or domains. 

How ANY.RUN’s TI Feeds Strengthen Businesses’ Proactive Security 

TI Feeds empower your SOC with actionable intelligence to proactively monitor and prevent threats, mitigating breach risks and associated costs.  

With ANY.RUN, MSSP companies get to stand out among competitors by enriching their infrastructure with data on real threats targeting companies across industries. 

Integrate TI Feeds into your system for an easy access to all of their perks: 

• Detect Threats Early: Access high-quality indicators from threat investigations across 15,000 organizations worldwide to proactively identify and prevent threats from compromising your systems. 

• Expand Threat Coverage: Get unique IOCs from Memory Dumps, Suricata IDS, and internal threat categorization systems allowing you to catch the most evasive malware. for better monitoring and alert triage. 

• Minimize False Positives: The feeds are pre-processed to ensure indicators are reliable and false positive rate is near-zero. 

• Accelerate Response through Automation: Automatically block malicious IPs, flag related logs, or trigger playbooks based on TI Feeds’ data to reduce manual workload and enable faster reactions.  

• Gain Better Attack Visibility: Our indicators of compromise come with extensive metadata, as well as links to related sandbox sessions for further analysis. 

• Simplify Setup: In addition to TAXII protocol support, we offer API and SDK to deliver ANY.RUN’s feeds in a structured, easy-to-use format—STIX or MISP. 

TI Feeds & TAXII: How It Works 

Integration through TAXII protocol is available for all users with paid plans. You can easily setup TI Feeds as a TAXII endpoint in their system, be that SIEM, TIP, EDR/XDR, NGFW, or other Security Operations solutions.  

Upon connection to ANY.RUN’s TAXII server, your system automatically receives fresh threat intelligence. Check out what our feeds look like by downloading a sample in STIX or MISP format.  

For full access to TI Feeds, purchase or get a 14-day trial. 

After that, your infrastructure will be enriched with uniquely sourced threat data, adding to its efficiency. Feeds will be ready for further processing: you can determine correlations, launch playbooks, and more. 

Contact us to get help with configuration and integration 

About ANY.RUN 

ANY.RUN helps more than 500,000 cybersecurity professionals worldwide. Our interactive sandbox simplifies malware analysis of threats that target both Windows and Linux systems. Our threat intelligence products, TI Lookup, YARA Search, and Feeds, help you find IOCs or files to learn more about the threats and respond to incidents faster. 

Try ANY.RUN’s solutions to give your security operations a boost → 

The post Integrate Threat Intelligence Feeds via TAXII Protocol  appeared first on ANY.RUN’s Cybersecurity Blog.

ANY.RUN’s Cybersecurity Blog – ​Read More