JoeSecurity Sandbox

Joe Sandbox is a multi-technology platform that combines instrumentation, simulation, hardware virtualization, hybrid analysis and graph analysis, covering both static and dynamic analysis. Rather than relying on a single technology, Joe Sandbox combines the strengths of several techniques, which enables deep analysis, strong detection and a high degree of evasion resistance.

Integration with LogicHub

Connecting with JoeSecurity Sandbox

To connect to JoeSecurity Sandbox, the following details are required:

Actions with JoeSecurity Sandbox

Analysis Info

Show information about analysis.

Inputs to this Action

  • Connection: Choose a connection that you have created
  • WEB ID COLUMN NAME: Column name from parent table that contains the web ID. The web ID identifies an analysis.

Output of Action
The analysis results in JSON format.

Submit File

Submit a file to JoeSecurity Sandbox for analysis.

Inputs to this Action

  • Connection: Choose a connection that you have created
  • FILE ID COLUMN NAME: Column name from parent table that contains the file ID of the file to be submitted.
  • COMMENT COLUMN NAME: Column name from parent table that contains the comment for the analysis.
  • SYSTEM: Select the server system to run the analysis on.
  • SHOULD WAIT: Whether the command should wait for the result of the analysis.
  • INTERNET ACCESS (OPTIONAL): Enable full internet access for the analysis. Default is True.
  • ADDITIONAL PARAMETERS (OPTIONAL): Enter Jinja-templated JSON of additional parameters (optional or otherwise). Note: values provided here override the input fields above (System, Comment and Internet Access).
    For more information on parameters, refer to https://jbxcloud.joesecurity.org/userguide?sphinxurl=usage/webapi.html#apiv2-submission-new.
    Example:
{
  "systems": null,
  "fast-mode": true,
  "export-to-jbxview": true
}

Output of Action
Result in JSON format. When SHOULD WAIT is false the action does not wait for the analysis, so the result is the submission response rather than the analysis result.

Submit URL

Submit a URL to JoeSecurity Sandbox for analysis.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • URL COLUMN NAME: Column name from parent table that contains the URL to be analyzed.
  • COMMENT COLUMN NAME: Column name from parent table that contains the comment for the analysis.
  • SYSTEM: Select the server system to run the analysis on.
  • SHOULD WAIT: Whether the command should wait for the result of the analysis.
  • INTERNET ACCESS (OPTIONAL): Enable full internet access for the analysis. Default is True.
  • ADDITIONAL PARAMETERS (OPTIONAL): Enter Jinja-templated JSON of additional parameters (optional or otherwise). Note: values provided here override the input fields above (System, Comment and Internet Access).
    For more information on parameters, refer to https://jbxcloud.joesecurity.org/userguide?sphinxurl=usage/webapi.html#apiv2-submission-new.
    Example:
{
  "systems": null,
  "fast-mode": true,
  "export-to-jbxview": true
}

Output of Action
Result in JSON format. When SHOULD WAIT is false the action does not wait for the analysis, so the result is the submission response rather than the analysis result.
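The Submit File and Submit URL actions both build one parameter set from the fixed inputs (SYSTEM, COMMENT, INTERNET ACCESS) and then let ADDITIONAL PARAMETERS override those values. The following is an added example, not LogicHub's or Joe Security's code, that shows that merge in Python. It assumes the parameter names "comments" and "internet-access" for the comment and internet-access fields (the page only shows "systems", "fast-mode" and "export-to-jbxview"), assumes that a JSON null in ADDITIONAL PARAMETERS clears the field so the server default applies, and takes the JSON text as already rendered by LogicHub (the Jinja step itself is not reproduced). The system name "w10x64" is a placeholder, not a documented system ID.

```python
import json
from typing import Any, Dict, Optional


def base_params(system: Optional[str] = None,
                comment: Optional[str] = None,
                internet_access: bool = True) -> Dict[str, Any]:
    """Parameters derived from the action's fixed inputs (SYSTEM, COMMENT,
    INTERNET ACCESS). "systems" is shown on the page; the key names
    "comments" and "internet-access" are assumptions of this example."""
    params: Dict[str, Any] = {"internet-access": internet_access}  # page default: True
    if system:
        params["systems"] = [system]
    if comment:
        params["comments"] = comment
    return params


def merge_additional(base: Dict[str, Any], additional_json: Optional[str]) -> Dict[str, Any]:
    """Apply ADDITIONAL PARAMETERS on top of the base parameters.

    additional_json is the JSON text after LogicHub has rendered the Jinja
    template. Keys present in it win over the fixed inputs; a JSON null
    removes the key so the server default applies (assumption: the page
    does not define how null is handled).
    """
    if additional_json is None or not additional_json.strip():
        return dict(base)
    extra = json.loads(additional_json)
    if not isinstance(extra, dict):
        raise ValueError("ADDITIONAL PARAMETERS must render to a JSON object")
    merged = dict(base)
    for key, value in extra.items():
        if value is None:
            merged.pop(key, None)
        else:
            merged[key] = value
    return merged


# The ADDITIONAL PARAMETERS example given on the page.
PAGE_EXAMPLE = '{"systems": null, "fast-mode": true, "export-to-jbxview": true}'


def example_submission() -> Dict[str, Any]:
    """Constructed input: a system name and comment as they might come from
    the parent table. "w10x64" is a placeholder, not a documented system ID."""
    base = base_params(system="w10x64", comment="submitted from LogicHub")
    return merge_additional(base, PAGE_EXAMPLE)


if __name__ == "__main__":
    # With the page's example, "systems" is cleared while the comment and
    # internet-access settings from the fixed inputs survive.
    print(json.dumps(example_submission(), indent=2, sort_keys=True))
```

Because an override replaces the fixed input silently, keep the ADDITIONAL PARAMETERS template small and explicit; a stray `"internet-access": false` or `"systems": null` in it changes what the sandbox runs without any change to the visible SYSTEM or INTERNET ACCESS fields.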

Download Report

Download a resource belonging to a report. This can be the full report, dropped binaries, and so on.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • WEB ID COLUMN NAME: Column name from parent table that contains web ID.
  • REPORT TYPE (OPTIONAL): The resource type to download. Defaults to HTML.

Output of Action
File ID of the downloaded report in JSON format.

Download Sample

Download the sample file of an analysis. For security reasons, the downloaded file is given the extension "dontrun" so that it is not executed accidentally.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • WEB ID COLUMN NAME: Column name from parent table that contains web ID.

Output of Action
File ID of the downloaded sample in JSON format.

Is Online

Check if Joe Sandbox is online or in maintenance mode.

Inputs to this Action

  • Connection: Choose a connection that you have created.

Output of Action
Status data in JSON format.

List Analyses

List all analyses that are present on JoeSecurity Sandbox.

Inputs to this Action

  • Connection: Choose a connection that you have created
  • EXPLODE RESULTS (OPTIONAL): Select whether to return separate rows for each result or a single row containing all results. Default is Separate Rows.

Output of Action
Results in JSON format.

Search Analyses

Search through all analyses.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • QUERY COLUMN NAME: Column name from parent table that contains the query string used for the search. The server matches the query against the following fields: md5, sha1, sha256, filename, URL, comments.

Output of Action
Search Results in JSON format.

Delete Analysis

Delete an analysis by its web ID.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • WEBID: Jinja-templated text containing the web ID of the analysis to delete.

Output of Action
Results in JSON format, for example:

{
  "has_error": false,
  "result": {"deleted": true},
  "error": null
}
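The response above is an envelope: "has_error" says whether the action failed, "error" carries the message when it did, and "result" holds the payload when it did not. The following is an added example, not LogicHub's or Joe Security's code, that unwraps that envelope and treats a deletion as confirmed only when the server says so. The failure response in it is constructed to follow the same shape; the page shows only the success case.

```python
import json
from typing import Any, Dict, Optional, Union


class ActionError(RuntimeError):
    """Raised when an action envelope reports has_error == true."""


def unwrap_result(payload: Union[str, Dict[str, Any]]) -> Optional[Dict[str, Any]]:
    """Return the "result" object from an action envelope.

    Accepts either the raw JSON text or an already-parsed dict. Raises
    ActionError carrying the envelope's "error" text when has_error is set,
    so a failed action is never mistaken for an empty result.
    """
    data = json.loads(payload) if isinstance(payload, str) else payload
    if data.get("has_error"):
        raise ActionError(str(data.get("error") or "action failed without an error message"))
    return data.get("result")


def analysis_deleted(payload: Union[str, Dict[str, Any]]) -> bool:
    """True only when the server confirmed the deletion. A clean response in
    which "deleted" is false or missing yields False; an error envelope raises."""
    result = unwrap_result(payload)
    return bool(result) and result.get("deleted") is True


# The success response shown on the page.
SUCCESS = '{"has_error": false, "result": {"deleted": true}, "error": null}'

# Constructed failure envelope in the same shape (assumed; the page shows
# only the success case). The error text is invented for the example.
FAILURE = '{"has_error": true, "result": null, "error": "analysis not found"}'


if __name__ == "__main__":
    print("success envelope -> deleted:", analysis_deleted(SUCCESS))
    try:
        analysis_deleted(FAILURE)
    except ActionError as exc:
        print("failure envelope ->", exc)
```

Checking "has_error" before reading "result" matters in an automated playbook: a deletion or submission that silently failed would otherwise be recorded as done.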
