v1.14.14

Fixes:

• Lookup, Yara and Feeds was fixed after breaking in previous release

v1.14.13

New features:

• A new report type was added: brief
• The root_url parameter was added to Sandbox connectors

v1.14.12

Fixes

• Fixed report_format field value

v.1.14.11

Windows Server, macOS and minor improvements

Windows Server and macOS are now available in the SDK

from anyrun.connectors import SandboxConnector

with SandboxConnector.macos(api_key) as connector:
    analysis_id = connector.run_url_analysis('https://any.run')

with SandboxConnector.windows(api_key) as connector:
    analysis_id = connector.run_url_analysis('https://any.run', env_os='server 2025')

---

Improvements

• Added a new decorator that raises an error if the analysis fails to start
• Added new option opt_auto_delete_after to the file and url analysis methods
• Improved documentation of the enums in file and url analysis methods
• Unit test coverage increased to 95%
• Add coverage badge in README

---

Updates

• The default Indicators of Compromise (IOC) filter for the ioc report format has been changed from 'all' to 'suspicious'
• The name of one of the report formats has been changed from 'summary' to 'json'

---

Fixes

• Fixed a bug with incorrectly obtaining a description from an aiohttp response object

v1.13.11

Improvements in API response parsing automation

TI Lookup summary parsing

from anyrun.connectors import LookupConnector

with LookupConnector(api_key) as connector:
    summary = connector.get_intelligence(domain_name='1.1.1.1', parse_response=True)
    
    if summary.is_empty():
        print(f'The object is not found.')
        return

    print(summary.verdict())
    print(summary.tags())
    print(summary.industries())

You can see the full example here

---

Minor improvements in get_analysis_report()

Now report_format="ioc" allows you to automatically compare the reputation of IOCs

from anyrun.connectors.sandbox.base_connector import BaseSandboxConnector

with BaseSandboxConnector(api_key) as connector:
    analysis_uuid = 'c7f88546-cd8d-47ba-8159-7b7a8ef28a52'
    # Supported reputation formats: malicious, suspicious, unknown
    iocs = connector.get_analysis_report(analysis_uuid, report_format='ioc', ioc_reputation='malicious')
    print(iocs)

You can learn more about the get_analysis_report() and other analysis methods here

---

A new generic interface

Allows to customize requests to the ANY.RUN API

from anyrun.connectors import LookupConnector
from anyrun.connectors.generic_environment import GenericEnvironment

# Send a direct request using custom parameters
generic_connector = GenericEnvironment("https://custom_endpoint_name")
lookup_result = generic_connector.generic_request(api_key, "POST", json={"query": 'destinationIP:"1.1.1.1"'})
pprint(lookup_result)

# Set a custom request URL and use any connector
with GenericEnvironment("https://custom_endpoint_name"):
    with LookupConnector(api_key) as connector:
        lookup_result = connector.get_intelligence(destination_ip='1.1.1.1')
        pprint(lookup_result)

v1.12.11

Changes in authentication

We are ending support for Basic Auth, for the TI Feeds service

You can access ANY.RUN services using an API key without a prefix. Legacy access methods such as API keys with a prefix and access to TI Feeds via Basic Authentication are supported only for backward compatibility and will be removed in future releases.

When using legacy authentication methods, you will receive a warning:

.../anyrun/connectors/base_connector.py:257: UserWarning: To access all ANY.RUN services, please use an API key without a prefix. API keys with a prefix and access to TI Feeds via Basic Authentication are supported only for backward compatibility and will be removed in future releases.

v1.11.11

Fixes

• Fixed TAXII connector errors description

v1.11.10

Global Changes to the TI Feeds interface

We are ending support for stix, misp, and malconf feeds. Please use TAXII feeds instead.

New features:

• Updated proxy configuration. Now aiohttp.BasicAuth is used for authorization. The method for generating proxy link for the integration with requests module remains unchanged.

from anyrun.connectors import SandboxConnector

with SandboxConnector.linux(api_key, 'https://my.cool.proxy:443', 'proxy-user', 'proxy-password') as connector:
    ....

Fixes:

• Fixed parsing of the match[revoked] parameter for the taxi feed.

v1.10.10

Fixes

• Fixed url query syntax for the Lookup request

v1.10.9

Fixes:

• Disabled HTTP response parsing when executing check_proxy() method