Joe Security Sandbox

Version: 2.0.0

Joe Sandbox is a multi-technology platform that uses instrumentation, simulation, hardware virtualization, hybrid and graph - static and dynamic analysis. Rather than focusing on one technology, Joe Sandbox combines the best parts of multiple techniques. This enables deep analysis, excellent detection, and strong evasion resistance.

Connect Joe Security Sandbox with LogicHub

  1. Navigate to Automations > Integrations.
  2. Search for Joe Security Sandbox.
  3. Click Details, then the + icon. Enter the required information in the following fields.
    • Label: Enter a connection name.
    • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
    • Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
    • Remote Agent: Run this integration using the LogicHub Remote Agent.
    • API Key: API key for Joe Security Sandbox.
    • URL (Optional. Leave Empty For Default): URL to your Joe Security Sandbox instance. Default is https://jbxcloud.joesecurity.org/api.
    • ACCEPT JOE SANDBOX CLOUD TERMS AND CONDITIONS: Accept the Terms and Conditions of Joe Sandbox Cloud (https://jbxcloud.joesecurity.org/download/termsandconditions.pdf). This is required if you are using 'Joe Sandbox Cloud'.
  4. After you've entered all the details, click Connect.

Actions for JoeSecurity Sandbox

Analysis Info

Show information about analysis.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| WEB ID COLUMN NAME | Column name from parent table that contains the web ID. This ID identifies an analysis. | Required |

Output

The analysis results in JSON format.

Submit File

Submit a file to JoeSecurity Sandbox for analysis.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| File ID Column Name | Column name from parent table that contains file id to be submitted. | Required |
| Comment Column Name | Column name from parent table that contains comment for the analysis. | Required |
| System | Select Server System to run analysis on. | Required |
| Should Wait | Should the command wait for the result of the analysis. | Required |
| Internet Access | Enable full internet access. Default is True. | Optional |
| Additional Parameters | Enter jinja-templated JSON of additional parameters (optional or otherwise). Note: This will override values (if provided) for the above input fields like System, Comment, and Internet-Access. For more information on parameters, refer to https://jbxcloud.joesecurity.org/userguide?sphinxurl=usage/webapi.html#apiv2-submission-new. | Optional |

Example of Additional Parameters:

{
  "systems": null,
  "fast-mode": true,
  "export-to-jbxview": true
}

Output

Result in JSON format when should_wait is false.

Submit URL

Submit a URL to JoeSecurity Sandbox for analysis.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| URL Column Name | Column name from parent table that contains URL to be analyzed. | Required |
| Comment Column Name | Column name from parent table that contains comment for the analysis. | Required |
| System | Select Server System to run analysis on. | Required |
| Should Wait | Should the command wait for the result of the analysis. | Required |
| Internet Access | Enable full internet access. Default is True. | Optional |
| Additional Parameters | Enter jinja-templated JSON of additional parameters (optional or otherwise). Note: This will override values (if provided) for the above input fields like System, Comment, Internet-Access. For more information on parameters, refer to https://jbxcloud.joesecurity.org/userguide?sphinxurl=usage/webapi.html#apiv2-submission-new. | Optional |

Example of Additional Parameters:

{
  "systems": null,
  "fast-mode": true,
  "export-to-jbxview": true
}

Output

Result in JSON format when should_wait is false.

Download Report

Download a resource belonging to a report. This can be the full report, dropped binaries, and so on.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| Web ID Column Name | Column name from parent table that contains web ID. | Required |
| Report Type | The resource type to download. Defaults to HTML. | Optional |

Output

File ID of the downloaded report in JSON format.

Download Sample

Download the sample file of an analysis. For security reasons, the extension will be "dontrun".

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| Web ID Column Name | Column name from parent table that contains web ID. | Required |

Output

File ID of the downloaded JSON sample.

Is Online

Check if Joe Sandbox is online or in maintenance mode.

Input Field

Choose a connection that you have previously created to complete the connection.

Output

Status data in JSON format.

List Analyses

List all analyses that are present on JoeSecurity Sandbox.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| Explode Results | Select whether to return separate rows for each result or a single row containing all results. Default is Separate Rows. | Optional |

Output

Results in JSON format.

Search Analyses

Search through all analyses.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| Query Column Name | Column name from parent table that contains a query string. The query string will be used to search. The server considers the following fields: md5, sha1, sha256, filename, URL, comments. | Required |

Output

Search Results in JSON format.

Delete Analysis

Delete analysis by webID.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| Web ID | Jinja-templated text containing webID. | Required |

Output

Results in JSON format.

{
  "has_error": false,
  "result": {"deleted": true},
  "error": null
}

Release Notes

  • v2.0.0 - Updated architecture to support IO via filesystem
