# ANY.RUN
The ANY.RUN connector facilitates the integration of ANY.RUN's interactive malware analysis service with other platforms, enabling automated threat detection and response workflows.

ANY.RUN is an interactive malware hunting service that enables the in-depth analysis of cyber threats in a safe and controlled environment. The ANY.RUN connector for Swimlane Turbine allows users to automate the retrieval of execution histories, comprehensive task reports, available analysis environments, and user account limits. It also facilitates the initiation of new analyses for dynamic examination of files or URLs. This integration empowers security teams to streamline their malware investigation and analysis processes, enhancing their ability to respond to threats quickly and efficiently within the Swimlane Turbine platform.

## Prerequisites

To effectively utilize the ANY.RUN connector within the Swimlane Turbine platform, ensure you have the following prerequisites:

- HTTP basic authentication with these parameters:
  - URL: Endpoint for the ANY.RUN API.
  - Username: Your ANY.RUN account username.
  - Password: Your ANY.RUN account password.
- API key authentication with these parameters:
  - URL: Endpoint for the ANY.RUN API.
  - API key: A unique identifier to authenticate requests to the ANY.RUN API.

## Capabilities

This connector provides the following capabilities:

- Get History
- Get Report
- Request Available Environment
- Request User Limits
- Run New Analysis

## Notes

ANY.RUN API documentation link: https://any.run/api-documentation/#api

## Configurations

### AnyRun Interactive Analysis API Key Authentication

Authenticates using an API key.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| `url` | A URL to the target host | string | Required |
| `apikey` | API key | string | Required |
| `verify_ssl` | Verify SSL certificate | boolean | Optional |
| `http_proxy` | A proxy to route requests through | string | Optional |

### AnyRun HTTP Basic Authentication

Authenticates using username and password.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| `url` | A URL to the target host | string | Required |
| `username` | Username | string | Required |
| `password` | Password | string | Required |
| `verify_ssl` | Verify SSL certificate | boolean | Optional |
| `http_proxy` | A proxy to route requests through | string | Optional |

## Actions

### Get History

Fetches the execution history from ANY.RUN, providing a detailed log of previous activities.

- Endpoint URL: `v1/analysis`
- Method: GET

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| `parameters.team` | boolean | Optional | Parameters for the Get History action |
| `parameters.skip` | number | Optional | Parameters for the Get History action |
| `parameters.limit` | number | Optional | Parameters for the Get History action |

Input example:

```json
{"parameters": {"team": false, "skip": 0, "limit": 25}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `error` | boolean | Error message if any |
| `data` | object | Response data |
| `data.tasks` | array | Response data |

Output example:

```json
{"error": true, "data": {"tasks": ["string"]}}
```

### Get Report

Retrieves a comprehensive report for a specified task in ANY.RUN using the task identifier provided in path parameters.

- Endpoint URL: `v1/analysis/{{task}}`
- Method: GET

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| `path_parameters.task` | string | Required | Parameters for the Get Report action |

Input example:

```json
{"path_parameters": {"task": "0cf223f2-530e-4a50-b68f-563045268648"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `error` | boolean | Error message if any |
| `data` | object | Response data |
| `data.mitre` | array | Response data |
| `data.mitre.name` | string | Response data |
| `data.mitre.phases` | array | Response data |
| `data.mitre.id` | string | Response data |
| `data.debugstrings` | array | Response data |
| `data.debugstrings.file_name` | string | Response data |
| `data.debugstrings.file` | string | Response data |
| `data.incidents` | array | Response data |
| `data.incidents.process` | string | Response data |
| `data.incidents.events` | array | Response data |
| `data.incidents.events.cmdparent` | string | Response data |
| `data.incidents.events.cmdchild` | string | Response data |
| `data.incidents.events.image` | string | Response data |
| `data.incidents.events.time` | number | Response data |
| `data.incidents.mitre` | array | Response data |
| `data.incidents.count` | number | Response data |
| `data.incidents.firstseen` | number | Response data |
| `data.incidents.source` | string | Response data |
| `data.incidents.desc` | string | Response data |
| `data.incidents.title` | string | Response data |
| `data.incidents.threatlevel` | number | Response data |

Output example:

```json
{"error": true, "data": {"mitre": [{}], "debugstrings": [{}], "incidents": [{}], "modified": {"registry": [], "files": []}, "network": {"threats": [], "connections": [], "httprequests": [], "dnsrequests": []}, "malconf": [{}], "processes": [{}], "counters": {"synchronization": {}, "registry": {}, "files": {}, "network": {}, "processes": {}}, "environments": {"hotfixes": [], "software": [], "internetexplorer": {}, "os": {}}, "analysis": {"content": {}, "scores": {}, "options": {}, "tags": [], "creationtext": "string", "creation": 123, "duration": 123, "sand
```

### Request Available Environment

Retrieve a list of available environments from ANY.RUN for initiating analysis sessions.

- Endpoint URL: `v1/environment`
- Method: GET

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `error` | boolean | Error message if any |
| `data` | object | Response data |
| `data.environments` | array | Response data |
| `data.environments.build` | number | Response data |
| `data.environments.variant` | string | Response data |
| `data.environments.version` | string | Response data |
| `data.environments.type` | string | Response data |
| `data.environments.os` | string | Response data |
| `data.environments.software` | object | Response data |
| `data.environments.software.ie` | object | Response data |
| `data.environments.software.ie.version` | string | Response data |
| `data.environments.software.upps` | array | Response data |
| `data.environments.software.apps` | array | Response data |
| `data.environments.software.apps.name` | string | Response data |
| `data.environments.software.apps.version` | string | Response data |
| `data.environments.bitness` | number | Response data |

Output example:

```json
{"error": true, "data": {"environments": [{}]}}
```

### Request User's Limit

Retrieve usage statistics and account limits for a user, including submission counts and API request numbers on ANY.RUN.

- Endpoint URL: `v1/user`
- Method: GET

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `error` | boolean | Error message if any |
| `data` | object | Response data |
| `data.limits` | object | Response data |
| `data.limits.web` | object | Response data |
| `data.limits.web.minute` | number | Response data |
| `data.limits.web.hour` | number | Response data |
| `data.limits.web.day` | number | Response data |
| `data.limits.web.month` | number | Response data |
| `data.limits.api` | object | Response data |
| `data.limits.api.minute` | number | Response data |
| `data.limits.api.hour` | number | Response data |
| `data.limits.api.day` | number | Response data |
| `data.limits.api.month` | number | Response data |
| `data.limits.parallels` | object | Response data |
| `data.limits.parallels.total` | number | Response data |
| `data.limits.parallels.available` | number | Response data |

Output example:

```json
{"error": true, "data": {"limits": {"web": {}, "api": {}, "parallels": {}}}}
```

### Run New Analysis

Initiates a new analysis in ANY.RUN for dynamic examination of files or URLs.

- Endpoint URL: `v1/analysis`
- Method: POST

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| `attachments` | object | Optional | File to be analysed |
| `attachments.file` | string | Optional | Parameter for Run New Analysis |
| `attachments.file_name` | string | Optional | Name of the resource |
| `data_body` | object | Optional | Response data |
| `data_body.env_os` | string | Optional | Response data |
| `data_body.env_bitness` | number | Optional | Response data |
| `data_body.env_version` | string | Optional | Response data |
| `data_body.env_type` | string | Optional | Response data |
| `data_body.opt_network_connect` | boolean | Optional | Response data |
| `data_body.opt_network_fakenet` | boolean | Optional | Response data |
| `data_body.opt_network_tor` | boolean | Optional | Response data |
| `data_body.opt_network_mitm` | boolean | Optional | Response data |
| `data_body.opt_network_geo` | string | Optional | Response data |
| `data_body.opt_kernel_heavyevasion` | boolean | Optional | Response data |
| `data_body.opt_privacy_type` | string | Optional | Response data |
| `data_body.opt_timeout` | number | Optional | Response data |
| `data_body.opt_ext_startfolder` | string | Optional | Response data |
| `data_body.obj_type` | string | Optional | Response data |
| `data_body.obj_url` | string | Optional | Response data |
| `data_body.obj_ext_cmd` | string | Optional | Response data |
| `data_body.obj_ext_browser` | string | Optional | Response data |
| `data_body.obj_ext_useragent` | string | Optional | Response data |
| `data_body.obj_ext_elevateprompt` | boolean | Optional | Response data |
| `data_body.obj_ext_extension` | boolean | Optional | Response data |
| `data_body.obj_privacy_hidesource` | boolean | Optional | Response data |

Input example:

```json
{"data_body": {"env_os": "windows", "env_bitness": 32, "env_version": "7", "env_type": "complete", "opt_network_connect": true, "opt_network_fakenet": false, "opt_network_tor": false, "opt_network_mitm": false, "opt_network_geo": "us", "opt_kernel_heavyevasion": false, "opt_privacy_type": "bylink", "opt_timeout": 60, "opt_ext_startfolder": "temp", "obj_type": "url", "obj_url": "https://swimlane.com", "obj_ext_cmd": "2-256", "obj_ext_browser": "google chrome", "obj_ext_useragent": "2-256", "obj_ext_elevateprompt": true, "obj_ext_extension": true, "obj_privacy_hidesource": false}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `error` | boolean | Error message if any |
| `data` | object | Response data |
| `data.taskid` | string | Response data |

Output example:

```json
{"error": true, "data": {"taskid": "string"}}
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| `Access-Control-Allow-Headers` | HTTP response header Access-Control-Allow-Headers | |
| `Access-Control-Allow-Origin` | HTTP response header Access-Control-Allow-Origin | |
| `CF-Cache-Status` | HTTP response header CF-Cache-Status | |
| `CF-RAY` | HTTP response header CF-RAY | |
| `Connection` | HTTP response header Connection | |
| `Content-Encoding` | HTTP response header Content-Encoding | |
| `Content-Type` | The media type of the resource | application/json |
| `Date` | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
| `ETag` | An identifier for a specific version of a resource | |
| `Server` | Information about the software used by the origin server | |
| `Strict-Transport-Security` | HTTP response header Strict-Transport-Security | |
| `Transfer-Encoding` | HTTP response header Transfer-Encoding | |
| `Vary` | HTTP response header Vary | |
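
Added example (not part of the connector or its documentation): one way a playbook step could triage the Get Report output listed above, ranking `data.incidents` by `threatlevel` and indexing the `data.mitre` technique IDs. The sample response is constructed, the function names and `min_threat_level` are hypothetical, and treating a set `error` flag or a non-2xx `status_code` as failure is an assumption.

```python
def lower_keys(obj):
    """Lower-case dict keys recursively, so key casing in the response does not matter."""
    if isinstance(obj, dict):
        return {str(k).lower(): lower_keys(v) for k, v in obj.items()}
    if isinstance(obj, list):
        return [lower_keys(v) for v in obj]
    return obj


def triage_report(action_output, min_threat_level=1):
    """Rank incidents by threat level and index MITRE techniques from a Get Report output."""
    out = lower_keys(action_output)
    status = out.get("status_code")
    # Assumption: a set `error` flag or a non-2xx status means the report is unusable.
    if out.get("error") or not isinstance(status, int) or not 200 <= status < 300:
        raise ValueError(f"Get Report failed: status={status} reason={out.get('reason')}")
    data = out.get("data") or {}
    incidents = []
    for inc in data.get("incidents") or []:
        level = inc.get("threatlevel") or 0
        if level >= min_threat_level:  # drop purely informational incidents
            incidents.append({"title": inc.get("title"), "process": inc.get("process"),
                              "threatlevel": level, "count": inc.get("count") or 0})
    # Highest threat level first, then the most frequently observed.
    incidents.sort(key=lambda i: (-i["threatlevel"], -i["count"]))
    techniques = {m["id"]: {"name": m.get("name"), "phases": m.get("phases") or []}
                  for m in data.get("mitre") or [] if m.get("id")}
    return {"max_threatlevel": max((i["threatlevel"] for i in incidents), default=0),
            "incidents": incidents,
            "techniques": dict(sorted(techniques.items()))}


# Constructed sample output (not real ANY.RUN data); the mixed key casing is deliberate.
SAMPLE = {
    "status_code": 200, "reason": "OK", "error": False,
    "data": {
        "mitre": [
            {"id": "T1547", "name": "Boot or Logon Autostart Execution", "phases": ["persistence"]},
            {"id": "T1059", "name": "Command and Scripting Interpreter", "phases": ["execution"]},
        ],
        "incidents": [
            {"title": "Reads settings", "process": "sample.exe", "threatLevel": 0, "count": 4},
            {"title": "Changes autorun value", "process": "sample.exe", "threatLevel": 2, "count": 1},
            {"title": "Starts CMD.EXE", "process": "sample.exe", "threatLevel": 1, "count": 3},
        ],
    },
}

if __name__ == "__main__":
    print(triage_report(SAMPLE))
```
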