Skip to main content

Cyware Threat Intelligence eXchange

Integrate with Joe Security Sandbox

Connector Category: Sandboxing Tools

CTIX integrates with Joe Security Sandbox to enable security analysts to analyze files and URLs on Windows, MacOS, Android, and Linux environments. This integration provides a higher detection rate, in-depth analysis, and evasion resistance. For more details about Joe Sandbox, see Joe Security Sandbox Product Documentation.

Before you Start

  • You must Integrate Orchestrate in CTIX to establish a connection between the two platforms. For more information, see Integrate Orchestrate with CTIX.

  • In Orchestrate, you must install the Joe Security Sandbox app to access it in CTIX. For more information, see Install Apps from Appstore in CO.

  • You must have the API key of your Joe Security Sandbox account.

  • Your user group must have permission to create and view tool integrations.

Note

For on-premise deployments, ensure that the following requirement is met:

  • To utilize the default storage of sandbox to store suspicious files and the sandbox analysis reports, add Cyware's AWS S3 cloud storage link to your Allow List. To get the cloud storage link, contact Cyware support.

  • To utilize a different AWS S3 cloud storage, add the cloud storage link to your Allow List.

Steps

  1. Sign in to the CTIX application.

  2. Navigate to Administration, select Integration Management, and select Sandboxing Tools under Internal Applications.

  3. Click Joe Security Sandbox.

  4. To add a new instance, enter a unique name to identify the specific configuration of the Joe Security Sandbox account in CTIX.

  5. Enter the base URL to connect directly to the application's server, such as https://sitename.com/directoryname/. By default, the base URL is prefilled, however, you can edit it.

  6. Enter the API key to authorize the application.

  7. Click Save.