Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

Joe Sandbox is a multi technology platform which uses instrumentation, simulation, hardware virtualization, hybrid and graph - static and dynamic analysis. Rather than focus on one technology Joe Sandbox combines the best parts of multiple techniques. This enables deep analysis, excellent detection and big evasion resistance.

Connect Joe Security Sandbox with Devo SOAR

  1. Navigate to Automations > Integrations.

  2. Search for Joe Security Sandbox.

  3. Click Details, then the + icon. Enter the required information in the following fields.

  4. Label: Enter a connection name.

  5. Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.

  6. Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).

  7. Remote Agent: Run this integration using the Devo SOAR Remote Agent.

  8. API Key: API key for Joe Security Sandbox

  9. URL (Optional. Leave Empty For Default): URL to your Joe Security Sandbox instance. Default is https://jbxcloud.joesecurity.org/api.

  10. ACCEPT JOE SANDBOX CLOUD TERMS AND CONDITIONS: Accept the Terms and Conditions of Joe Sandbox Cloud (https://jbxcloud.joesecurity.org/download/termsandconditions.pdf). This is required if you are using 'Joe Sandbox Cloud'.

  11. After you've entered all the details, click Connect.

Actions for JoeSecurity Sandbox

Analysis Info

Show information about analysis.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

WEB ID COLUMN NAME

Column name from parent table that contains web id. This ID is identified as an analysis.

Required

Output

The analysis results in JSON format.

Submit File

Submit a file to JoeSecurity Sandbox for analysis.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

File ID Column Name

Column name from parent table that contains file id to be submitted.

Required

Comment Column Name

Column name from parent table that contains comment for the analysis.

Required

System

Select Server System to run analysis on.

Required

Should Wait

Should the command wait for the result of the analysis.

Required

Internet Access

Enable full internet access. Default is True.

Optional

Additional Parameters

Enter jinja-templated JSON of additional parameters (optional or otherwise). Note: This will override values (if provided) for the above input fields like System, Comment, and Internet-Access.

For more information on parameters, refer to https://jbxcloud.joesecurity.org/userguide?sphinxurl=usage/webapi.html#apiv2-submission-new.

Example:

Optional

``` {json}{ "systems": null, "fast-mode": true, "export-to-jbxview": true }

### Output

Result in JSON format when should_wait is false.

![](https://files.readme.io/15f2729-Screenshot_2019-10-22_at_10.10.49_PM.png "Screenshot 2019-10-22 at 10.10.49 PM.png")

## Submit URL

Submit a URL to JoeSecurity Sandbox for analysis.

### Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| : --------  | : --------  | : --------  |
| URL Column Name | Column name from parent table that contains URL to be analyzed. | Required |
| Comment Column Name | Column name from parent table that contains comment for the analysis. | Required |
| System | Select Server System to run analysis on. | Required |
| Should Wait | Should the command wait for the result of the analysis. | Required |
| Internet Access | Enable full internet access. Default is True. | Optional |
| Additional Parameters | Enter [jinja-templated](doc:jinja-template) JSON of additional parameters (optional or otherwise). Note: This will override values (if provided) for the above input fields like System, Comment, Internet-Access.  
For more information on parameters, refer to <https://jbxcloud.joesecurity.org/userguide?sphinxurl=usage/webapi.html#apiv2-submission-new>.  
Example: | Optional |



``` {json}{
  "systems": null,
  "fast-mode": true,
  "export-to-jbxview": true
}

Output

Result in JSON format when should wait is false.

Download Report

Download a resource belonging to a report. This can be the full report, dropped binaries, and so on.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Web ID Column Name

Column name from parent table that contains web ID.

Required

Report Type

The resource type to download. Defaults to HTML.

Optional

Output

File ID of the downloaded report in JSON format.

Download Sample

Download the sample file of analysis. for security reasons, the extension will be "dontrun".

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Web ID Column Name

Column name from parent table that contains web ID.

Required

Output

File ID of the downloaded JSON sample.

Is Online

Check if Joe Sandbox is online or in maintenance mode.

Input Field

Choose a connection that you have previously created to complete the connection.

Output

Status data in JSON format.

List Analyses

List all analyses that are present on JoeSecurity Sandbox.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Explode Results

Select whether to return separate rows for each result or a single row containing all results. Default is Separate Rows.

Optional

Output

Results in JSON format.

Search Analyses

Search through all analyses.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Query Column Name

Column name from parent table that contains a query string. The query string will be used to search. The server considers the following fields: md5, sha1, sha256, filename, URL, comments.

Required

Output

Search Results in JSON format.

Delete Analysis

Delete analysis by webID.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Web ID

Jinja-templated text containing webID.

Required

Output

Results in JSON format.

``` {json}{

"has_error":false, "result":{"deleted":true}, "error":null

} ```

Release Notes

  • v2.0.0 - Updated architecture to support IO via filesystem

  • No labels