JoeSandbox
README
Joe SandBox
With the version 3.0 this analyzer allow you to have:
- the HTML report as an observable
- the screenshot from Joe Sandbox in the analysis report
- IP and URL as observable
This analyzer has 3 flavors:
- URL analysis
- File analysis inet
- File analysis noinet
JoeSandbox_File_Analysis_Inet
Author: CERT-BDF
License: AGPL-V3
Version: 3.0
Supported observables types:
- file
Registration required: True
Subscription required: True
Free subscription: N/A
Third party service: N/A
Description
Joe Sandbox file analysis with Internet access.
Configuration
| url |
URL of JoeSandbox service |
| Default value if not configured |
N/A |
| Type of the configuration item |
string |
| The configuration item can contain multiple values |
False |
| Is required |
True |
| key |
API key |
| Default value if not configured |
N/A |
| Type of the configuration item |
string |
| The configuration item can contain multiple values |
False |
| Is required |
True |
| analysistimeout |
Analysis timeout (seconds) |
| Default value if not configured |
1800 |
| Type of the configuration item |
number |
| The configuration item can contain multiple values |
False |
| Is required |
True |
| networktimeout |
Network timeout (second) |
| Default value if not configured |
30 |
| Type of the configuration item |
number |
| The configuration item can contain multiple values |
False |
| Is required |
True |
| HTML_report |
Download HTML report |
| Default value if not configured |
False |
| Type of the configuration item |
boolean |
| The configuration item can contain multiple values |
False |
| Is required |
True |
| images |
Allow images in the report |
| Default value if not configured |
False |
| Type of the configuration item |
boolean |
| The configuration item can contain multiple values |
False |
| Is required |
True |
| observables |
Creat observables form report |
| Default value if not configured |
False |
| Type of the configuration item |
boolean |
| The configuration item can contain multiple values |
False |
| Is required |
True |
Templates samples for TheHive
JoeSandbox_Url_Analysis
Author: CERT-BDF
License: AGPL-V3
Version: 2.0
Supported observables types:
- url
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A
Description
Joe Sandbox URL analysis.
Configuration
| url |
URL of JoeSandbox service |
| Default value if not configured |
N/A |
| Type of the configuration item |
string |
| The configuration item can contain multiple values |
False |
| Is required |
True |
| key |
API key |
| Default value if not configured |
N/A |
| Type of the configuration item |
string |
| The configuration item can contain multiple values |
False |
| Is required |
True |
| analysistimeout |
Analysis timeout (seconds) |
| Default value if not configured |
1800 |
| Type of the configuration item |
number |
| The configuration item can contain multiple values |
False |
| Is required |
True |
| networktimeout |
Network timeout (second) |
| Default value if not configured |
30 |
| Type of the configuration item |
number |
| The configuration item can contain multiple values |
False |
| Is required |
True |
Templates samples for TheHive
No template samples to display.
JoeSandbox_File_Analysis_Noinet
Author: CERT-BDF
License: AGPL-V3
Version: 3.0
Supported observables types:
- file
Registration required: True
Subscription required: True
Free subscription: N/A
Third party service: N/A
Description
Joe Sandbox file analysis without Internet access.
Configuration
| url |
URL of JoeSandbox service |
| Default value if not configured |
N/A |
| Type of the configuration item |
string |
| The configuration item can contain multiple values |
False |
| Is required |
True |
| key |
API key |
| Default value if not configured |
N/A |
| Type of the configuration item |
string |
| The configuration item can contain multiple values |
False |
| Is required |
True |
| analysistimeout |
Analysis timeout (seconds) |
| Default value if not configured |
1800 |
| Type of the configuration item |
number |
| The configuration item can contain multiple values |
False |
| Is required |
True |
| networktimeout |
Network timeout (second) |
| Default value if not configured |
30 |
| Type of the configuration item |
number |
| The configuration item can contain multiple values |
False |
| Is required |
True |
| HTML_report |
Download HTML report |
| Default value if not configured |
False |
| Type of the configuration item |
boolean |
| The configuration item can contain multiple values |
False |
| Is required |
True |
| images |
Allow images in the report |
| Default value if not configured |
False |
| Type of the configuration item |
boolean |
| The configuration item can contain multiple values |
False |
| Is required |
True |
| observables |
Creat observables form report |
| Default value if not configured |
False |
| Type of the configuration item |
boolean |
| The configuration item can contain multiple values |
False |
| Is required |
True |
Templates samples for TheHive
