The "Analyze Files with ANY.RUN Sandbox" workflow template is designed for security teams to enhance their threat intelligence and incident response capabilities. By submitting a file download URL, users can leverage the ANY.RUN Sandbox to perform in-depth analysis, extracting Indicators of Compromise (IoCs) such as IPs, URLs, and file hashes. The workflow outputs a comprehensive JSON report, providing a verdict and enriched data to support application security operations and endpoint detection and response efforts.
Use Cases
Application Security Operations , Endpoint Detection and Response (EDR) , Function , Threat Intelligence Enrichment
Workflow Breakdown
Accepts a file download URL as an input parameter.
The completed analysis report is retrieved and a sandbox summary is generated.
Indicators of Compromise (IPs, URLs, file hashes) are extracted from the analysis.
A final enrichment summary is produced, combining the report details with the extracted IoCs as the workflow output.
Vendors
Utils, ANY.RUN
Workflow Output
ANY.RUN Sandbox analysis report and verdict for the submitted file, and extracted IOCs.
