JoeSandbox#
README
Joe SandBox#
With the version 3.0 this analyzer allow you to have:
- the HTML report as an observable
- the screenshot from Joe Sandbox in the analysis report
- IP and URL as observable
This analyzer has 3 flavors:
- URL analysis
- File analysis inet
- File analysis noinet
JoeSandbox_File_Analysis_Noinet#
Author: CERT-BDF
License: AGPL-V3
Version: 3.0
Supported observables types:
- file
Registration required: True
Subscription required: True
Free subscription: N/A
Third party service: N/A
Description#
Joe Sandbox file analysis without Internet access.
Configuration#
| url | URL of JoeSandbox service |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| key | API key |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| analysistimeout | Analysis timeout (seconds) |
|---|---|
| Default value if not configured | 1800 |
| Type of the configuration item | number |
| The configuration item can contain multiple values | False |
| Is required | True |
| networktimeout | Network timeout (second) |
|---|---|
| Default value if not configured | 30 |
| Type of the configuration item | number |
| The configuration item can contain multiple values | False |
| Is required | True |
| HTML_report | Download HTML report |
|---|---|
| Default value if not configured | False |
| Type of the configuration item | boolean |
| The configuration item can contain multiple values | False |
| Is required | True |
| images | Allow images in the report |
|---|---|
| Default value if not configured | False |
| Type of the configuration item | boolean |
| The configuration item can contain multiple values | False |
| Is required | True |
| observables | Creat observables form report |
|---|---|
| Default value if not configured | False |
| Type of the configuration item | boolean |
| The configuration item can contain multiple values | False |
| Is required | True |
Templates samples for TheHive#
JoeSandbox_File_Analysis_Inet#
Author: CERT-BDF
License: AGPL-V3
Version: 3.0
Supported observables types:
- file
Registration required: True
Subscription required: True
Free subscription: N/A
Third party service: N/A
Description#
Joe Sandbox file analysis with Internet access.
Configuration#
| url | URL of JoeSandbox service |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| key | API key |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| analysistimeout | Analysis timeout (seconds) |
|---|---|
| Default value if not configured | 1800 |
| Type of the configuration item | number |
| The configuration item can contain multiple values | False |
| Is required | True |
| networktimeout | Network timeout (second) |
|---|---|
| Default value if not configured | 30 |
| Type of the configuration item | number |
| The configuration item can contain multiple values | False |
| Is required | True |
| HTML_report | Download HTML report |
|---|---|
| Default value if not configured | False |
| Type of the configuration item | boolean |
| The configuration item can contain multiple values | False |
| Is required | True |
| images | Allow images in the report |
|---|---|
| Default value if not configured | False |
| Type of the configuration item | boolean |
| The configuration item can contain multiple values | False |
| Is required | True |
| observables | Creat observables form report |
|---|---|
| Default value if not configured | False |
| Type of the configuration item | boolean |
| The configuration item can contain multiple values | False |
| Is required | True |
Templates samples for TheHive#
JoeSandbox_Url_Analysis#
Author: CERT-BDF
License: AGPL-V3
Version: 2.0
Supported observables types:
- url
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A
Description#
Joe Sandbox URL analysis.
Configuration#
| url | URL of JoeSandbox service |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| key | API key |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| analysistimeout | Analysis timeout (seconds) |
|---|---|
| Default value if not configured | 1800 |
| Type of the configuration item | number |
| The configuration item can contain multiple values | False |
| Is required | True |
| networktimeout | Network timeout (second) |
|---|---|
| Default value if not configured | 30 |
| Type of the configuration item | number |
| The configuration item can contain multiple values | False |
| Is required | True |
Templates samples for TheHive#
No template samples to display.