Triage
README
Triage Sandbox analyzer
Triage Sandbox is a commercial malware sandbox that lets you run malware in a safe way.
You can read more about the underlying solutions at: https://hatching.io/
This analyzer requires you to have a commercial license for the Recorded Future sandbox and Private sandbox.
Triage
Author: Mikael Keri
License: AGPL-V3
Version: 2.0
Supported observable types:
- ip
- url
- file
Registration required: True
Subscription required: True
Free subscription: True
Third party service: https://tria.ge
Description
Submit artifacts to the Recorded Future Triage sandbox service. This analyzer requires a paid subscription for the Private and Recorded Future sandboxes.
Configuration
api_key | API key |
---|---|
Default value if not configured | N/A |
Type of the configuration item | string |
The configuration item can contain multiple values | False |
Is required | True |
api_url | Sandbox API URL: public sandbox (https://tria.ge/api), private sandbox (https://private.tria.ge/api), or Recorded Future sandbox (https://sandbox.recordedfuture.com/api) |
---|---|
Default value if not configured | N/A |
Type of the configuration item | string |
The configuration item can contain multiple values | False |
Is required | True |
timeout | Sandbox run timeout in seconds (default: 200) |
---|---|
Default value if not configured | N/A |
Type of the configuration item | string |
The configuration item can contain multiple values | False |
Is required | False |
zip_pw | Zip archive password |
---|---|
Default value if not configured | N/A |
Type of the configuration item | string |
The configuration item can contain multiple values | False |
Is required | False |