Cut Response Time with This Free, Powerful Threat Intelligence Service

ANY.RUN’s announced a game-changing opportunity for cybersecurity professionals worldwide: Threat Intelligence Lookup (TI Lookup) now offers a comprehensive free plan. High-quality, real-time threat intelligence is available at no cost, democratizing access to the critical insights that security teams need to stay ahead of evolving threats.

Threat Intelligence Lookup: Under the Hood

TI Lookup is a real-time threat intelligence service powered by ANY.RUN’s Interactive Sandbox: a trusted solution used by over 15,000 organisations worldwide.

SOC teams and threat hunters use the sandbox to detonate suspicious files and URLs in a safe, live environment. The sandbox captures in-depth technical evidence, including:

• IOCs: Hashes, IPs, domains.
• Behaviour: Registry changes, file modifications, and processes.
• Network Activity: Command-and-control (C2) connections.
• Extras: Malware configurations and Suricata IDS signatures.
• TTPs: Tactics, techniques, and procedures, mapped to the MITRE ATT&CK Matrix.

This rich stream of behavioural data feeds directly into TI Lookup, giving analysts access to fresh, actionable intelligence while attacks are still active, not weeks later.

Unlike other threat intelligence sources that rely on delayed public disclosures, TI Lookup offers live data generated from ongoing attacks across the globe.

How Threat Intelligence Lookup Transforms SOC Operations

The fastest way to detect and respond to a threat is by recognising it from another incident. ANY.RUN facilitates leveraging intelligence from similar attacks that have already hit other organisations. Security teams of over 15,000 companies investigate incident artefacts in the Sandbox, which ensures TI Lookup is always equipped with the latest threat data, including comprehensive context from live detonations, not post-incident reports.

SOC teams can rapidly enrich their alerts with TI Lookup context, including through API/SDK automation capabilities. This acceleration in threat detection and validation provides the behavioural insights required for fast mitigation, ultimately reducing Mean Time to Response (MTTR) from hours to minutes.

Threat Intelligence Lookup Free Plan Capabilities for SOC Teams

The essential features of TI Lookup are available at no cost. The free plan includes: 

• Access to Recent Intelligence: View up to 20 sandbox sessions per query.
• Unlimited Basic Searches: Conduct unlimited lookups using basic search parameters like file hashes, URLs, domains, IP addresses, MITRE ATT&CK techniques, Suricata IDs, and more.
• Search Operators: Use the AND logical operator for combined searches.

With free access to TI Lookup, you can address common SOC challenges more effectively:

• Enrich Threat Investigations: Add comprehensive context to your security incidents with real-time intelligence.
• Reduce Response Time (MTTR): Accelerate your incident response with immediate access to behavioural insights.
• Strengthen Proactive Defence: Identify emerging threats before they impact your organisation.
• Grow Team Expertise: Enhance your team’s understanding of current threat landscapes and attack methods. 
• Develop Security Rules: Create more effective SIEM, IDS/IPS, or EDR rules based on real-world threat intelligence.

How to Get Free Access to Threat Intelligence Lookup

Visit Threat Intelligence Lookup to get free access and start your first investigation right away. But first, view a couple of hands-on examples of how TI Lookup on the free plan supercharges SOC workflows.  

Threat Intelligence Lookup’s Free Plan: Real-World Use Cases  

Whether you’re a SOC analyst, threat hunter, or security enthusiast, ANY.RUN’s solutions equip you to respond to threats faster, smarter, and with greater confidence.

Fast Triage and Data-Fueled Response

When a suspicious domain emerges in network connections, search it in TI Lookup to get an immediate actionable verdict: 

domainName:”smtp.godforeu.com”

Besides the immediate “Malicious” verdict enough to escalate the incident, the lookup results signal to an analyst that the domain belongs to the notorious Agent Tesla stealer and that it has been spotted in the most recent attack investigations, thus identifying an actual threat. 

Threat Hunting for Proactive Defence

Proactive discovery of the signs of network compromise can also be taken to the next level with TI Lookup. For instance, to see if a certain malware targets a specific region, use a compound query combining the threat name and the country identifier: 

threatName:”tycoon” AND submissionCountry:”de”

The search results contain links to Interactive Sandbox public analyses of Tycoon 2FA phishing kit samples submitted by users from Germany. Each analysis session can be viewed to study the malware behaviour and collect indicators. 

From Free Access to Enterprise-Level Threat Intelligence: Premium Plan

The premium plan designed for SOC teams from businesses and organisations supports private searches that can’t be seen by other users and other advanced features:

Conclusion

The launch of the free TI Lookup plan represents more than just a pricing change. It’s a fundamental shift in how threat intelligence becomes accessible to security professionals at every level. 

Whether you’re a seasoned threat hunter at a Fortune 500 company or a SOC analyst at a growing organisation with limited resources, you now have the same access to cutting-edge, real-time threat intelligence that was previously available only to enterprise customers.

For analysts, this means no more working with incomplete information or relying on outdated threat feeds. Threat hunters benefit from unprecedented visibility into active campaigns and emerging attack patterns. With access to intelligence from 15,000+ organisations worldwide, you can identify threat actor TTPs, understand attack progressions, and develop proactive hunting strategies based on real-world data, not theoretical scenarios.

Get started with Threat Intelligence Lookup to speed up triage and response.