ANY.RUN
App Vendor: ANY.RUN
Connector Category: Forensics & Malware Analysis
Connector Version: 1.0.0
API Version: 1.0.0
About App
ANY.RUN shows many aspects of testing in real time, such as the creation of new processes, potentially suspicious or malicious files, URLs, registry activity, network requests, and much more, allowing analysts to draw conclusions while the task is still executing. In Orchestrate, this app provides access to malware reports from public submissions and lets you download them in specialized formats.
The ANY.RUN app is configured with the Orchestrate application to perform the following actions:
Action Name | Description |
---|---|
Get environment details | This action fetches environment details using the request available for the environment. |
Get history details | This action obtains the analyzed history details. |
Get report details | This action obtains report details of an analysis using the task ID. |
Get user details | This action fetches user details and user request limits. |
Run an analysis | This action runs an analysis with a file sample using filters and parameters. |
Configuration Parameters
The following configuration parameters are required for the ANY.RUN app to communicate with the ANY.RUN enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
API key | Enter the API key. Example: "zaCELgL. 0imfnc8mVLWwsAawjYr4Rx-Af50DDqtlx" | Password | Required | |
Action: Get Environment Details
This action fetches environment details using the request available for the environment.
Action Input Parameters
This action does not require any input parameter.
Action: Get History Details
This action obtains the analyzed history details.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Team | Enter the team option to retrieve the specified team's history. | Boolean | Optional | Allowed boolean values:
Default value: False |
Skip | Enter the number of history records to skip. Example: 25 | Integer | Optional | Default value: 0 |
Limit | Enter the limit for retrieving the history details. Example: 10 | Integer | Optional | Default value: 25 Allowed size range: 1-100 |
Example Request
[ { "team": "false", "skip": 30, "limit": 10 } ]
Action: Get Report Details
This action obtains report details of an analysis using the task ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Task id | Enter the task ID. Example: "25f80964-b12d-4163-b333-d31242728411" | Text | Required | |
Example Request
[ { "taskid":"25f80964-b12d-4163-b333-d31242728411" } ]
Action: Get User Details
This action fetches user details and user request limits.
Action Input Parameters
This action does not require any input parameter.
Action: Run an Analysis
This action runs an analysis with a file sample using filters and parameters.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
File path | Enter the file path. Example: "/tmp/5e00bcbf-104b-4c03-8ff9-b19ebd17640e/kaspersky_endpoint_security_for_enterprise.pdf" | Text | Required | |
Environment OS name | Enter the environment operating system. | Text | Optional | Default value: windows |
Environment OS arch type | Enter the environment operating system architecture type. | Integer | Optional | Allowed values:
Default value: 32 |
Environment OS version | Enter the version of the operating system. | Text | Optional | Allowed values:
Default value: 7 |
Environment type | Enter the environment type. | Text | Optional | Allowed values:
Default value: complete |
Network connect | Enter the network connection state. | Text | Optional | Default value: True |
Network fakenet | Enter the network fakenet status. | Boolean | Optional | Allowed values:
Default value: False |
Tor network connection | Optional preference to either include or exclude the connection details. | Boolean | Optional | Default value: False |
Mitm network | Enter the HTTPS MITM proxy option. | Boolean | Optional | Default value: False |
Geolocation | Enter the geolocation option. | Text | Optional | Allowed values:
|
Kernel heavy evasion | Enter the kernel heavy evasion option. | Boolean | Optional | Default value: False |
Privacy setting | Enter the privacy settings. | Text | Optional | Default value: bylink Allowed values:
|
Timeout | Enter the timeout option. | Integer | Optional | Default value: 60 Allowed size range: 10-660 |
Start folder | Enter the folder to start the object from. | Text | Optional | Default value: temp Allowed values:
|