
JoeSandbox

README

Joe Sandbox

With version 3.0, this analyzer lets you have:

  • the HTML report as an observable
  • the screenshot from Joe Sandbox in the analysis report
  • IPs and URLs as observables

This analyzer has 3 flavors:

  • URL analysis
  • File analysis inet
  • File analysis noinet

JoeSandbox_File_Analysis_Noinet

Author: CERT-BDF
License: AGPL-V3
Version: 3.0
Supported observables types:
- file
Registration required: True
Subscription required: True
Free subscription: N/A
Third party service: N/A

Description

Joe Sandbox file analysis without Internet access.

Configuration

url: URL of JoeSandbox service
  • Default value if not configured: N/A
  • Type of the configuration item: string
  • The configuration item can contain multiple values: False
  • Is required: True

key: API key
  • Default value if not configured: N/A
  • Type of the configuration item: string
  • The configuration item can contain multiple values: False
  • Is required: True

analysistimeout: Analysis timeout (seconds)
  • Default value if not configured: 1800
  • Type of the configuration item: number
  • The configuration item can contain multiple values: False
  • Is required: True

networktimeout: Network timeout (seconds)
  • Default value if not configured: 30
  • Type of the configuration item: number
  • The configuration item can contain multiple values: False
  • Is required: True

HTML_report: Download HTML report
  • Default value if not configured: False
  • Type of the configuration item: boolean
  • The configuration item can contain multiple values: False
  • Is required: True

images: Allow images in the report
  • Default value if not configured: False
  • Type of the configuration item: boolean
  • The configuration item can contain multiple values: False
  • Is required: True

observables: Create observables from report
  • Default value if not configured: False
  • Type of the configuration item: boolean
  • The configuration item can contain multiple values: False
  • Is required: True

Templates samples for TheHive

EmlParser: HTML report

EmlParser: images preview

JoeSandbox_Url_Analysis

Author: CERT-BDF
License: AGPL-V3
Version: 2.0
Supported observables types:
- url
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A

Description

Joe Sandbox URL analysis.

Configuration

url: URL of JoeSandbox service
  • Default value if not configured: N/A
  • Type of the configuration item: string
  • The configuration item can contain multiple values: False
  • Is required: True

key: API key
  • Default value if not configured: N/A
  • Type of the configuration item: string
  • The configuration item can contain multiple values: False
  • Is required: True

analysistimeout: Analysis timeout (seconds)
  • Default value if not configured: 1800
  • Type of the configuration item: number
  • The configuration item can contain multiple values: False
  • Is required: True

networktimeout: Network timeout (seconds)
  • Default value if not configured: 30
  • Type of the configuration item: number
  • The configuration item can contain multiple values: False
  • Is required: True

Templates samples for TheHive

No template samples to display.

JoeSandbox_File_Analysis_Inet

Author: CERT-BDF
License: AGPL-V3
Version: 3.0
Supported observables types:
- file
Registration required: True
Subscription required: True
Free subscription: N/A
Third party service: N/A

Description

Joe Sandbox file analysis with Internet access.

Configuration

url: URL of JoeSandbox service
  • Default value if not configured: N/A
  • Type of the configuration item: string
  • The configuration item can contain multiple values: False
  • Is required: True

key: API key
  • Default value if not configured: N/A
  • Type of the configuration item: string
  • The configuration item can contain multiple values: False
  • Is required: True

analysistimeout: Analysis timeout (seconds)
  • Default value if not configured: 1800
  • Type of the configuration item: number
  • The configuration item can contain multiple values: False
  • Is required: True

networktimeout: Network timeout (seconds)
  • Default value if not configured: 30
  • Type of the configuration item: number
  • The configuration item can contain multiple values: False
  • Is required: True

HTML_report: Download HTML report
  • Default value if not configured: False
  • Type of the configuration item: boolean
  • The configuration item can contain multiple values: False
  • Is required: True

images: Allow images in the report
  • Default value if not configured: False
  • Type of the configuration item: boolean
  • The configuration item can contain multiple values: False
  • Is required: True

observables: Create observables from report
  • Default value if not configured: False
  • Type of the configuration item: boolean
  • The configuration item can contain multiple values: False
  • Is required: True

Templates samples for TheHive

EmlParser: HTML report

EmlParser: images preview

EmlParser: IP and URL