Anyrun
Version: 1.0.3
Anyrun is a service that allows cybersecurity specialists to detect, analyze, and monitor cybersecurity threats. It is an interactive online malware analysis sandbox in which the user controls the flow of the analysis.
Connect Anyrun with LogicHub
- Navigate to Automations > Integrations.
- Search for Anyrun.
- Click Details, then the + icon. Enter the required information in the following fields.
  - Label: Enter a connection name.
  - Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
  - Verify SSL: Select this option to verify the connecting server's SSL certificate (the default is Verify SSL Certificate).
  - Remote Agent: Run this integration using the LogicHub Remote Agent.
  - API Key: API Key for Anyrun.
- After you've entered all the details, click Connect.
Actions for Anyrun
Get History
Retrieves History.
Input Field
Choose a connection that you have previously created.
Output
JSON containing the following items:
{
  "error": null,
  "has_error": false,
  "result": [
    {
      "date": "2024-06-10T11:26:58.260Z",
      "file": "https://content.any.run/tasks/32ebb433-317f-4031-b894-0b232d3bc144/download/files/7ce93048-e032-41fb-87de-c33d06d33b6e",
      "hashes": {
        "head_hash": "87d87041b3d247e041e1fba72da73b21",
        "md5": "87d87041b3d247e041e1fba72da73b21",
        "sha1": "cddf08a54ca3f47b1d01de1fbd7880d8b0eb5f82",
        "sha256": "55c584ca6b7938d690b295a1a2c1ece1b939c9748873d5887dd9b6ce94615062",
        "ssdeep": "96:SzRUG+DiR39S2aSA/KSod/5w8SfXeA1dLpIHihGJS9VKG+jCqRj7/PbkG+iqyRPo:5jU9RaXSDH+Xj9pIEGJrDBBHbkHKYatK"
      },
      "json": "https://api.any.run/report/32ebb433-317f-4031-b894-0b232d3bc144/summary/json",
      "misp": "https://api.any.run/report/32ebb433-317f-4031-b894-0b232d3bc144/summary/misp",
      "name": "cc1bedc5d32d4cc2abcbac870db4585f",
      "pcap": "https://content.any.run/tasks/32ebb433-317f-4031-b894-0b232d3bc144/download/pcap",
      "related": "https://app.any.run/tasks/32ebb433-317f-4031-b894-0b232d3bc144",
      "tags": [
        "spam"
      ],
      "uuid": "32ebb433-317f-4031-b894-0b232d3bc144",
      "verdict": "No threats detected"
    }
  ]
}
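An added example, not part of the LogicHub or Anyrun documentation: one way a downstream step could check the Get History output above before acting on it. It assumes the field names shown in the sample output; the function names, the constructed sample input, and the rule that any verdict other than "No threats detected" needs review are assumptions of this example.

```python
import json
import re
from urllib.parse import urlparse

SHA256_RE = re.compile(r"[0-9a-f]{64}")
LINK_FIELDS = ("file", "json", "misp", "pcap", "related")  # URL fields in the sample output
CLEAN_VERDICT = "No threats detected"  # the only verdict string shown on this page


def trusted_link(url):
    """True only for https URLs hosted on any.run or one of its subdomains."""
    parts = urlparse(url or "")
    host = (parts.hostname or "").lower()
    return parts.scheme == "https" and (host == "any.run" or host.endswith(".any.run"))


def triage_history(raw):
    """Parse a Get History result and return one triage row per task."""
    doc = json.loads(raw)
    if doc.get("has_error") or doc.get("error"):
        raise ValueError(f"Get History failed: {doc.get('error')}")
    rows = []
    for task in doc.get("result") or []:
        sha256 = ((task.get("hashes") or {}).get("sha256") or "").lower()
        rows.append({
            "uuid": task.get("uuid"),
            # Keep the hash only if it is well formed; never pass junk downstream.
            "sha256": sha256 if SHA256_RE.fullmatch(sha256) else None,
            "tags": task.get("tags") or [],
            # Assumption: anything other than the known clean verdict goes to an analyst.
            "needs_review": task.get("verdict") != CLEAN_VERDICT,
            # Link fields that later steps must not fetch automatically.
            "untrusted_links": [f for f in LINK_FIELDS
                                if task.get(f) and not trusted_link(task[f])],
        })
    return rows


# Constructed sample input (placeholder values, not real Anyrun data).
SAMPLE = json.dumps({"error": None, "has_error": False, "result": [
    {"uuid": "00000000-0000-4000-8000-000000000001", "verdict": "No threats detected",
     "tags": ["spam"], "hashes": {"sha256": "a" * 64},
     "pcap": "https://content.any.run/tasks/00000000-0000-4000-8000-000000000001/download/pcap"},
    {"uuid": "00000000-0000-4000-8000-000000000002", "verdict": "constructed-other-verdict",
     "tags": [], "hashes": {"sha256": "not-a-hash"},
     "related": "https://app.any.run.example.net/tasks/x"},  # lookalike host
]})

if __name__ == "__main__":
    for row in triage_history(SAMPLE):
        print(row)
```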
Get Report Details
Retrieves details of a report.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Task Id | Jinja Templated text containing Task ID. | Required |
Output
JSON containing the following items:
"data": {
  "error": false,
  "data": {
    "analysis": {},
    "environments": {},
    "counters": {},
    "processes": [],
    "malconf": [],
    "network": {},
    "modified": {},
    "incidents": [],
    "debugStrings": [],
    "mitre": [],
    "status": "done"
  },
  "has_error": false
}
Run new analysis
This method submits a file and runs a new analysis.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
File Id | Jinja Templated text containing ID of file that needs to be analysed. | Required |
Parameters | Jinja Templated JSON containing the parameters and options to submit along with file for analysis. | Optional |
Output
JSON containing the following items:
{
  "error": null,
  "data": {
    "taskid": "544c787b-6390-402c-85ef-c69efb69c4f2"
  },
  "has_error": false
}
Get TI Data
This method makes a TI lookup.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Data | Jinja Templated JSON containing the data to submit. The query field is required. Example: `{ "query": "SuricataClass:\"Potential Corporate Privacy Violation\"" }` | Required |
Output
JSON containing the following items:
"data": {
  "DestinationPort": [],
  "DestinationIPGeo": [],
  "DestinationIPASN": [],
  "related_tasks": [],
  "ThreatName": [],
  "summary": {},
  "related_incidents": [],
  "DestinationIp": [],
  "related_files": [],
  "related_dns": [],
  "related_urls": [],
  "source_tasks": [],
  "related_synchronization_objects": []
}
Release Notes
v1.0.3
- Initial Release