The ANY.RUN CDF for ThreatQ enables a ThreatQ user to automatically ingest malware samples, malware analysis reports, and related IOCs from samples that your organization submitted to ANY.RUN. The integration then parses the data and ingests it into ThreatQ.

• Analysis Endpoint (JSON) - Returns a rolling history of your organization’s submissions to the ANY.RUN sandbox. It does not include the actual reports
• Report Endpoint (JSON) - Returns the actual report/analysis results for a given task
• IOC Endpoint (JSON) - Returns IOCs related to a given analysis.
• Analysis HTML Report (Attachment) - Returns an HTML file containing a formatted report for the given sample.
• TQ Attachments Endpoint (TQ) - Allows you to search for an existing report for a sample to avoid uploading duplicate reports.