Stop URL Phishing: Cut SOC Triage Time & Draining SOCs
ANY.RUN’s Sandbox now features a new URL Details investigation layer that offers dynamic inspection of in-browser data. It provides related context and screenshots and reveals DOM modifications directly within the Interactive Sandbox. Relevant indicators are also collected in a dedicated tab for deeper analysis. A YARA rule built from phishing page snapshots has identified 145 related samples.

These advancements lead to significant operational improvements for Security Operations Centers (SOCs). Mean Time To Detect (MTTD) is reduced to just 15 seconds, allowing analysts to identify malicious activity earlier in the triage process. Mean Time To Respond (MTTR) decreases by up to 21 minutes per case, thanks to clearer evidence, faster verdicts, and fewer manual checks.

Tier 1 analysts gain sufficient context to confirm or close more cases, minimizing unnecessary escalations to senior teams. When escalation is required, Tier 2/3 teams receive a comprehensive evidence package instead of fragmented data, ensuring smoother handoffs. Browser-level evidence, page artifacts, and related threat context also strengthen detection work, enabling teams to build better rules and hunting logic and to expand phishing coverage. Ultimately, analysts spend less time manually reconstructing attack flows and more time addressing critical threats, leading to more efficient SOC operations overall.


