Intermediate Pro

Wazuh + n8n + Anyrun: Automated Malware Analysis

Automate malware analysis by sending Wazuh-detected suspicious files into ANY.RUN, retrieving detailed reports and IOCs, and integrating results back into your SOC workflow.

Self-Paced by Rajneesh Gupta

Overview

Wazuh → n8n → ANY.RUN Malware Analysis

This workflow automates malware analysis by:

  1. Wazuh file integrity monitoring (syscheck) detects a file creation and the alert is forwarded to an n8n webhook.
  2. n8n receives the alert (Webhook node) and reads the agent and file path from it.
  3. The suspicious file is pulled from the endpoint to the analysis host over SSH.
  4. The file is submitted to the ANY.RUN sandbox (Execute Command node calling the ANY.RUN API).
  5. The task ID is extracted from the response and ANY.RUN is polled until the report is ready.
  6. IOCs are retrieved from the report and made available for enrichment and alerting.

Key Components

  • Webhook (receive Wazuh alerts)
  • SSH (transfer file)
  • Execute Command (submit file to ANY.RUN)
  • Code (parse Task ID)
  • HTTP Request (fetch reports + IOCs)

What You'll Learn

  • Trigger an n8n workflow from Wazuh when new files are added

    Configure Wazuh to send file alerts to n8n so the automation kicks off instantly.

  • Securely transfer files from endpoints to an analysis environment

    Use SSH or SCP to move suspicious files safely to a controlled analysis server.

  • Submit files automatically to ANY.RUN sandbox via API

    Automate malware submissions to ANY.RUN with the correct API parameters.

  • Extract task IDs, retrieve reports, and pull IOCs programmatically

    Parse ANY.RUN responses to get task IDs and fetch detailed reports with IOCs.

  • Extend the workflow for SOC alerts, ticketing, and automation

    Send analysis results into ServiceNow, Slack, or email for faster incident response.
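The six steps in the Overview and the learning objectives above describe the same pipeline. What follows is an added example, not code from the course or from the Wazuh, n8n or ANY.RUN projects, of the glue logic an n8n Code node would run between those nodes: gating the Wazuh FIM alert, staging the file under a hash-derived name so the attacker-chosen filename never reaches a shell, building the SSH and curl commands, validating the task ID, backing off while polling, and normalising the IOCs. The Wazuh alert fields follow the syscheck alert layout; the ANY.RUN endpoint, header scheme, form field and reply shapes, the stage and key paths, and all sample data are assumptions to check against the ANY.RUN API documentation before use.

```javascript
// Added example, not the course's own code: the glue logic of the
// Wazuh -> n8n -> ANY.RUN pipeline as plain functions an n8n Code node
// can call. Wazuh field names follow its syscheck (FIM) alert layout; the
// ANY.RUN endpoint, header and reply shapes are assumptions to verify
// against the ANY.RUN API documentation before use.

// Constructed sample: a Wazuh FIM "added" alert as it reaches the webhook.
const SAMPLE_ALERT = {
  rule: { id: '554', level: 5, description: 'File added to the system.' },
  agent: { id: '001', name: 'lnx-ws-07', ip: '10.0.5.17' },
  syscheck: {
    path: '/home/alice/Downloads/invoice 2024.pdf.exe',
    event: 'added',
    sha256_after: 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855',
    size_after: '204800',
  },
};

// Steps 1-2: gate the webhook. Only "added" events for detonation-worthy
// types under a size cap, so the sandbox quota is not spent on log rotation.
const DETONATE_EXT = new Set(['.exe', '.dll', '.scr', '.js', '.vbs', '.ps1',
  '.bat', '.cmd', '.hta', '.lnk', '.docm', '.xlsm', '.iso', '.zip']);
const MAX_BYTES = 32 * 1024 * 1024;

function fileExt(p) {                 // last extension, either path separator
  const m = /\.([^.\\/]+)$/.exec(p || '');
  return m ? `.${m[1].toLowerCase()}` : '';
}

function shouldSubmit(alert) {
  const sc = alert.syscheck || {};
  return sc.event === 'added' && DETONATE_EXT.has(fileExt(sc.path))
    && Number(sc.size_after || 0) <= MAX_BYTES;
}

// Step 3: the endpoint path is attacker-influenced (whoever dropped the file
// chose its name). Stage the copy under the hash plus the allow-listed
// extension, so nothing downstream ever has to handle the original name.
function stagedName(alert) {
  const h = String(alert.syscheck.sha256_after || '').toLowerCase();
  if (!/^[0-9a-f]{64}$/.test(h)) throw new Error('alert has no valid sha256_after');
  return `${h}${fileExt(alert.syscheck.path)}`;
}

// Quote for a POSIX shell. The remote command given to ssh is always parsed
// by the agent's shell, so the source path must be quoted or a name like
// "x.exe; rm -rf /" executes. Pass argv arrays to local nodes instead of
// concatenating strings wherever the node allows it.
function shellQuote(s) {
  return "'" + String(s).replace(/'/g, "'\\''") + "'";
}

function buildFetchCommand(alert, stageDir, keyPath) {   // stageDir/keyPath: assumed
  return {
    host: alert.agent.ip,
    sshArgs: ['-i', keyPath, '-o', 'BatchMode=yes'],
    remoteCommand: `cat ${shellQuote(alert.syscheck.path)}`,   // stdout -> localPath
    localPath: `${stageDir}/${stagedName(alert)}`,
  };
}

// Step 4: submission as argv for curl. Endpoint, header scheme and the
// obj_type field are assumptions (see lead-in); keep the key in a credential.
function buildSubmitCommand(localFile, apiKey) {
  return ['curl', '-sS', '-H', `Authorization: API-Key ${apiKey}`,
    '-F', `file=@${localFile}`, '-F', 'obj_type=file',
    'https://api.any.run/v1/analysis'];
}

// Step 5: parse the reply into a task id, refusing anything that is not a
// UUID so a malformed reply cannot steer the URL of the next HTTP Request.
function extractTaskId(reply) {
  if (!reply || reply.error) throw new Error(`submission failed: ${reply && reply.message}`);
  const id = String(reply.data && reply.data.taskid);
  if (!/^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i.test(id)) throw new Error('unexpected task id');
  return id;
}

// Reports take minutes; back off (15s, 30s, 60s, then 120s) and stop after
// maxAttempts rather than polling forever. null means "give up, open a ticket".
function nextPollDelayMs(attempt, maxAttempts = 20) {
  return attempt >= maxAttempts ? null : Math.min(15000 * 2 ** attempt, 120000);
}

// Step 6: normalise IOCs for enrichment: drop the sample's own hash, dedupe
// case-insensitively, and tag each with where it came from.
function extractIocs(iocReply, alert) {
  const own = String(alert.syscheck.sha256_after || '').toLowerCase();
  const seen = new Set(), out = [];
  for (const e of (iocReply && iocReply.data) || []) {
    const value = String(e.ioc || '').trim();
    const key = `${e.type}:${value.toLowerCase()}`;
    if (!value || value.toLowerCase() === own || seen.has(key)) continue;
    seen.add(key);
    out.push({ type: e.type, value, agent: alert.agent.id, rule: alert.rule.id });
  }
  return out;
}

// Constructed replies in the shape this example assumes ANY.RUN returns.
const SAMPLE_SUBMIT_REPLY = { error: false, data: { taskid: '0cf223f2-530e-4a50-b68f-563045268648' } };
const SAMPLE_IOC_REPLY = { error: false, data: [
  { type: 'ip', ioc: '203.0.113.45' },
  { type: 'domain', ioc: 'update-check.example' },
  { type: 'domain', ioc: 'UPDATE-CHECK.example' },
  { type: 'sha256', ioc: SAMPLE_ALERT.syscheck.sha256_after },
] };
```

In n8n each function maps onto one Code node: the webhook payload arrives as `$input.first().json`, and the node returns `[{ json: ... }]` for the next node. The two design choices worth keeping even if you change everything else are that the staged file name is derived from the hash, not from the endpoint, and that the task ID is validated before it is spliced into the report URL.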

About Trainer

Rajneesh Gupta

Rajneesh Gupta is a seasoned cybersecurity professional with over 11 years of industry experience. With a remarkable career focused on incident response, penetration testing, security compliance, and risk management, Rajneesh has established himself as a leading expert in the field. He is also an accomplished author, having penned the book "Hands-on with Blockchain and Cybersecurity". As a dedicated educator, Rajneesh has made a significant impact on the cybersecurity community by training over 60,000 students globally.

Related Projects

Apache Server Log Analysis using Splunk
Pro Intermediate

Detecting Brute Force, SQL Injection, XSS, and Suspicious Web Activity from Apache Access Logs with Splunk SIEM

Practical AWS Cloud Security Posture Assessment Using Scout Suite
Free Beginner

Identify real-world AWS attack surfaces through visual security posture analysis.

Apache Web Server Log Monitoring using Wazuh
Pro Beginner

Real-time detection of HTTP errors, brute-force and suspicious requests from Apache logs