Seamlessly Integrate ANY.RUN’s Services into Your Infrastructure via SDK
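ANY.RUN has released an SDK that helps users integrate its products into their security infrastructure more easily. The tool supports automated malware analysis, threat intelligence lookups, and other functions, and is available to Hunter and Enterprise plan users. Integration is implemented in Python for flexibility, helping companies improve the efficiency of their security defenses and reduce costs. 2025-4-17 11:47:38 Author: any.run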

Making ANY.RUN’s products better for the benefit of businesses, organizations, and SOC teams is our top priority. To help them get maximum value out of our solutions, we provide an API, a tool enabling users to integrate our services into their security infrastructure. And now, to make this process even smoother, we are introducing a software development kit (SDK).

With it, it’s even easier to make ANY.RUN a part of your security system. Data provided by our solutions will help you establish a safer infrastructure and improve the defense strategy of your company. 

Learn about ANY.RUN’s SDK features, advantages, and use cases below. 

Benefiting the security team of your company 

An SDK is a tool that helps increase the efficiency of your workflow through integration and automation. It simplifies day-to-day tasks for cybersecurity specialists at companies and organizations. This is especially relevant for small security teams who could benefit from automation. 

As a result of making ANY.RUN’s products a part of your security infrastructure via an SDK, you can: 

  • Simplify and speed up malware analysis and threat hunting for your security team. 
  • Automate routine tasks to save resources for manual in-depth investigation. 
  • Access data on real threats collected by 500,000 researchers and 15,000 companies worldwide. 
  • Reduce the cost of alert triage, incident investigation, and post-attack response. 
  • Mitigate financial and reputational risks by equipping your defense with advanced solutions for threat analysis and detection. 

Our SDK simplifies integration of ANY.RUN’s products into your infrastructure. You can use it for enhanced flexibility, accelerated workflow, and automation of daily tasks.

Tailor the service to the needs of your business with our software development kit by making ANY.RUN’s solutions a part of your system, be that SIEM, SOAR, or XDR. 

Available for all products 

The SDK is available for users with the Hunter plan subscription, as well as with the Enterprise plan for teams. 

You can use ANY.RUN’s SDK with the entire range of our products. It makes it possible to automatically: 

  • Browse URLs and file hashes, check IOCs, IOBs, and IOAs, and receive other data on threats with TI Lookup.
  • Set up a constant flow of IOCs with TI Feeds.

We make sure that the software development kit always complies with the current API version and covers all of its functions, enabling you to always stay on top of things. 

How to implement 

ANY.RUN’s software development kit is based on Python, the most popular programming language for malware analysts. It includes documentation, libraries, and code samples for you to explore. For instructions on how to install and use it, see: 

We welcome contributions from other developers. You can report bugs and suggest enhancements that would be beneficial for your company, and we’ll be happy to review them, resolve the issues, and make adjustments. For more info on how to contribute, see our guide.

Use cases of ANY.RUN’s SDK 

Save resources on TI Feeds processing 

ANY.RUN’s TI Feeds provide large amounts of data on IOCs. To process all of this data efficiently while keeping RAM load low, you can use the SDK to set up automated download of feeds in chunks, rather than in one go.

import os

from anyrun.connectors import FeedsConnector
from anyrun.iterators import FeedsIterator


def main(api_key: str) -> None:
    with FeedsConnector(api_key) as connector:
        # Iterate over the past week's STIX feed with a chunk size of 5
        # instead of loading the whole feed at once.
        for feed in FeedsIterator.stix(connector, period='week', chunk_size=5):
            print(feed)


if __name__ == '__main__':
    # Read the API key from the environment rather than hard-coding it.
    main(os.getenv('ANY_RUN_FEEDS_API_KEY'))
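One way to consume the chunks from the loop above without accumulating them in memory, as an added example that is not ANY.RUN's code: each chunk is upserted into SQLite keyed by IOC. It does not call the SDK; the STIX object shapes, the table layout, and the names `extract_ioc` and `ingest_chunks` are assumptions, and the sample chunks are constructed.

```python
import re
import sqlite3

SCO_TYPES = {"ipv4-addr", "ipv6-addr", "domain-name", "url"}  # IOC held in "value"
# Single-comparison STIX pattern such as [url:value = 'http://example.com/a']
PATTERN_RE = re.compile(r"^\[([a-z0-9-]+):value\s*=\s*'((?:[^'\\]|\\.)*)'\]$")
# Constructed sample: two list chunks and one bare object (documentation addresses).
SAMPLE_CHUNKS = [
    [{"type": "ipv4-addr", "value": "192.0.2.10", "modified": "2025-04-10T00:00:00Z"},
     {"type": "indicator", "pattern_type": "stix", "modified": "2025-04-10T00:00:00Z",
      "pattern": "[domain-name:value = 'bad.example.com']"}],
    [{"type": "ipv4-addr", "value": "192.0.2.10", "modified": "2025-04-12T00:00:00Z"},
     {"type": "identity", "name": "constructed producer"}],
    {"type": "url", "value": "http://example.com/a", "modified": "2025-04-11T00:00:00Z"},
]


def extract_ioc(obj):
    """Return (ioc_type, value) for a STIX object, or None if it carries no IOC."""
    kind = obj.get("type")
    if kind in SCO_TYPES and obj.get("value"):
        return kind, obj["value"]
    if kind == "indicator" and obj.get("pattern_type", "stix") == "stix":
        match = PATTERN_RE.match(obj.get("pattern", "").strip())
        if match and match.group(1) in SCO_TYPES:
            return match.group(1), match.group(2)
    return None


def ingest_chunks(chunks, conn):
    """Upsert IOCs one chunk at a time so memory use is bounded by the chunk size."""
    conn.execute("CREATE TABLE IF NOT EXISTS ioc (type TEXT, value TEXT, "
                 "modified TEXT, PRIMARY KEY (type, value))")
    stats = {"seen": 0, "skipped": 0}
    for chunk in chunks:
        # Assumption: the iterator yields either one object or a list of objects.
        objects = chunk if isinstance(chunk, list) else [chunk]
        rows = [(*ioc, obj.get("modified", ""))
                for obj in objects if (ioc := extract_ioc(obj))]
        stats["seen"] += len(objects)
        stats["skipped"] += len(objects) - len(rows)
        # Keep the newest timestamp when an IOC repeats (same-format ISO 8601 assumed).
        conn.executemany(
            "INSERT INTO ioc VALUES (?, ?, ?) ON CONFLICT(type, value) DO UPDATE "
            "SET modified = excluded.modified WHERE excluded.modified > ioc.modified",
            rows)
        conn.commit()
    stats["stored"] = conn.execute("SELECT COUNT(*) FROM ioc").fetchone()[0]
    return stats
```

Calling `ingest_chunks(SAMPLE_CHUNKS, sqlite3.connect(":memory:"))` runs it on the constructed data; in the feed loop above, the iterator would take the place of `SAMPLE_CHUNKS`.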

Simplify the submission process in ANY.RUN’s Sandbox 

Instead of manually submitting URLs and downloading analysis summaries in ANY.RUN’s Interactive Sandbox, configure the SDK to automate these processes. 

Code to automate URL submission.

Code to automate analysis summary download.

Conduct YARA Search 

YARA Search in TI Lookup allows you to scan our threat intelligence database to find files that match your descriptions. With the SDK, you can receive search results automatically using just one command.

import os
from pprint import pprint

from anyrun.connectors import YaraLookupConnector


def load_yara_rule() -> str:
    # Read the YARA rule text from a local file.
    with open('yara_lookup_rule_sample.txt', 'r') as file:
        return file.read()


def main(api_key: str) -> None:
    with YaraLookupConnector(api_key) as connector:
        # Submit the rule to YARA Search and print the result (stix=True).
        lookup_result = connector.get_yara(load_yara_rule(), stix=True)
        pprint(lookup_result)


if __name__ == '__main__':
    # Read the API key from the environment rather than hard-coding it.
    main(os.getenv('ANY_RUN_Lookup_API_KEY'))

Choose a connection method (for any service) 

You can use the SDK to connect to any service synchronously or asynchronously. Both methods include the same parameters and functions. For example, in TI Lookup you can switch between them with these code samples: 

Request a trial period for your SOC team and explore ANY.RUN’s services with new possibilities brought by the SDK.

About ANY.RUN 

ANY.RUN’s services are used by over 500,000 cybersecurity professionals worldwide, including SOC teams at over 15,000 companies. ANY.RUN’s Interactive Sandbox helps businesses ensure fast and accurate analysis of threats targeting Windows, Linux, and Android systems, while the threat intelligence products TI Lookup and TI Feeds enable organizations to enrich their knowledge on active and emerging cyber attacks. 


Source: https://any.run/cybersecurity-blog/sdk-integration/