Joe Security Sandbox
Joe Security Sandbox automates malware analysis, providing detailed insights into file and URL behavior to aid in threat detection and response.

Joe Security Sandbox is a robust malware analysis service that provides automated, deep analysis of suspicious files and URLs. This connector enables Swimlane Turbine users to submit files or URLs for analysis, retrieve detailed reports, and download specific resources such as full reports or dropped binaries. By integrating with Joe Security Sandbox, security teams can enhance their incident response capabilities with automated malware investigations, enriching their security playbooks with actionable intelligence and reducing manual analysis efforts.

Prerequisites

To effectively utilize the Joe Security Sandbox connector within Swimlane Turbine, ensure you have the following:

- Joe Security Joe Sandbox API authentication with the necessary parameter:
  - API key: your unique identifier to authenticate requests to Joe Security Sandbox.

Capabilities

The connector provides the following capabilities:

- Submit File or URL
- Get Analysis
- Search Analyses
- Download Resource Analysis

Capabilities Notes

Download Resource

The following table details all available values for the resource type according to the v2 (https://jbxcloud.joesecurity.org/userguide?sphinxurl=usage/webapi.html#v2-analysis-download):

| Report category | Values |
| --- | --- |
| Human-readable reports | html, lighthtml, executive, pdf, classhtml |
| XML | xml, lightxml, classxml, clusterxml, irxml |
| JSON | json, jsonfixed, lightjson, lightjsonfixed, irjson, irjsonfixed |
| Other | shoots (screenshots), ishots (interesting screenshots), maec, misp, stix, graphreports, memstrings, binstrings, sample, cookbook, bins (dropped files), unpackpe (unpacked PE files), unpack, ida, pcap, pcapslim, memdumps, yara, functionlogs, powershelllogs, eventlogs, classsightml |

Notes

The submission ID is only available through the integration; the ID shown in the browser is not the submission ID.

Configurations

Joe Security Joe Sandbox API Key Authentication

Joe Security Joe Sandbox API authentication.

Configuration parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| API key | Joe Security Joe Sandbox API key | string | required |
| Host | The hostname of the Joe Sandbox instance if it is on-prem. Defaults to the cloud URL. | string | optional |
| Verify SSL | Verify SSL certificate | boolean | optional |
| HTTP proxy | A proxy to route requests through | string | optional |

Actions

Download Report Resource

Retrieve a specific resource, such as the full report or dropped binaries, from a Joe Security Sandbox report, requiring webid and type.

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| webid | number | required | Unique identifier |
| run | number | optional | Parameter for Download Report Resource |
| type | string | required | Type of the resource |

Input example

{"webid": 179, "run": 10, "type": "resource type"}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| file | array | Output field file |
| file.file | string | Output field file.file |
| file.file_name | string | Name of the resource |

Output example

{"file": []}

Get Analysis

Retrieve detailed analysis for a specific submission in Joe Security Sandbox using the submission ID.

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| submission_id | string | required | Unique identifier |

Input example

{"submission_id": "140"}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| submission_id | string | Unique identifier |
| name | string | Name of the resource |
| status | string | Status value |
| time | string | Time value |
| most_relevant_analysis | object | Output field most_relevant_analysis |
| most_relevant_analysis.webid | string | Unique identifier |
| most_relevant_analysis.detection | string | Output field most_relevant_analysis.detection |
| most_relevant_analysis.score | number | Score value |
| analyses | array | Output field analyses |
| analyses.webid | string | Unique identifier |
| analyses.time | string | Time value |
| analyses.runs | array | Output field analyses.runs |
| analyses.runs.detection | string | Output field analyses.runs.detection |
| analyses.runs.error | object | Error message if any |
| analyses.runs.system | string | Output field analyses.runs.system |
| analyses.runs.yara | boolean | Output field analyses.runs.yara |
| analyses.tags | array | Output field analyses.tags |
| analyses.tags.file_name | string | Name of the resource |
| analyses.tags.file | string | Output field analyses.tags.file |
| analyses.analysisid | string | Unique identifier |
| analyses.duration | number | Output field analyses.duration |
| analyses.md5 | string | Output field analyses.md5 |
| analyses.sha1 | string | Output field analyses.sha1 |
| analyses.sha256 | string | Output field analyses.sha256 |
| analyses.filename | string | Name of the resource |

Output example

{"json_body": {"submission_id": "140", "name": "sample.exe", "status": "finished", "time": "2019-04-15T08:05:05+00:00", "most_relevant_analysis": {"webid": "179", "detection": "clean", "score": 30}, "analyses": [{}, {}]}}

Submit File

Submits a file sample to Joe Security Sandbox for analysis, requiring an attachment as input.

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| attachments | array | required | File to be submitted |
| attachments.file | string | required | Parameter for Submit File |
| attachments.file_name | string | required | Name of the resource |
| params | object | optional | Customize the sandbox parameters. They are described in more detail in the default submission parameters. |
| cookbook | array | optional | Cookbook to be used |
| cookbook.file | string | required | Parameter for Submit File |
| cookbook.file_name | string | required | Name of the resource |

Input example

{"attachments": [{"file": "string", "file_name": "example name"}], "params": {}, "cookbook": [{"file": "string", "file_name": "example name"}]}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| submission_id | string | Unique identifier |

Output example

{"json_body": {"submission_id": "140"}}

Submit URL

Submits a URL to Joe Security Sandbox for comprehensive analysis and returns the analysis results.

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| url | string | required | URL endpoint for the request |
| params | object | optional | Customize the sandbox parameters. They are described in more detail in the default submission parameters. |

Input example

{"url": "https://google.com"}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| submission_id | string | Unique identifier |

Output example

{"json_body": {"submission_id": "140"}}

Response headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
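
A playbook step that connects Get Analysis to Download Report Resource, as an added example that is not part of the connector or its documentation: it waits for a finished status, then builds one download input per analysis webid and resource type, converting the string webid that Get Analysis returns into the number the download action expects. The function name `plan_downloads`, the snake_case key names (`json_body`, `most_relevant_analysis`) and the policy of collecting nothing for a clean verdict are assumptions.

```python
# Added example (not connector code): turn a Get Analysis result into
# Download Report Resource inputs. Key names are assumed to be snake_case.
RESOURCE_TYPES = set("""
html lighthtml executive pdf classhtml xml lightxml classxml clusterxml irxml
json jsonfixed lightjson lightjsonfixed irjson irjsonfixed shoots ishots maec
misp stix graphreports memstrings binstrings sample cookbook bins unpackpe
unpack ida pcap pcapslim memdumps yara functionlogs powershelllogs eventlogs
classsightml
""".split())  # values copied from the resource type table on this page


def plan_downloads(result, wanted=("irjson", "pcap", "bins")):
    """Return {"state": ..., "downloads": [...]} for one Get Analysis result."""
    unknown = [t for t in wanted if t not in RESOURCE_TYPES]
    if unknown:
        raise ValueError(f"unsupported resource type(s): {unknown}")

    body = result.get("json_body", result)
    if body.get("status") != "finished":
        return {"state": "pending", "downloads": []}  # poll again later

    top = body.get("most_relevant_analysis") or {}
    if top.get("detection") == "clean":  # assumed policy: keep nothing for clean
        return {"state": "clean", "downloads": []}

    # Most relevant analysis first, then the others, without duplicates.
    webids = [top.get("webid")] + [a.get("webid") for a in body.get("analyses", [])]
    ordered = list(dict.fromkeys(w for w in webids if w))

    # Get Analysis returns webid as a string; the download action wants a number.
    downloads = [{"webid": int(w), "type": t} for w in ordered for t in wanted]
    return {"state": "collect", "detection": top.get("detection"),
            "score": top.get("score"), "downloads": downloads}


# Constructed sample, shaped like the Get Analysis output example on this page.
SAMPLE = {"json_body": {
    "submission_id": "140", "name": "sample.exe", "status": "finished",
    "most_relevant_analysis": {"webid": "179", "detection": "malicious", "score": 92},
    "analyses": [{"webid": "179"}, {"webid": "180"}],
}}

if __name__ == "__main__":
    for item in plan_downloads(SAMPLE)["downloads"]:
        print(item)
```

The submission ID is used only for Get Analysis; every download is keyed by a webid taken from that action's output.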