View Malware Analysis Report
After you upload a file or submit a URL for malware analysis, you can view the detailed analysis performed by the sandbox tool.
To view the detailed analysis report, do the following:
Navigate to Main Menu, and select Sandbox under Analysis.
Select a record to open it. You can view the detailed analysis performed on the file or URL in the form of an HTML report, and the IOCs fetched from the uploaded file or URL.
The IOCs report includes all the IOCs reported by the tool while analyzing the file or URL.
Joe Security Sandbox provides the submission details, IPs, and URLs detected while analyzing the file or URL.
The Analysis report provides a full-fledged HTML report including information, such as confidence score, detection verdict, behavior signatures, behavior graphs, threat intel, and more.
For successful submissions, you can check the verdict of the analysis. For more information on how the verdict from Joe Security is mapped to CTIX, see Verdict Mapping between Joe Security Sandbox and CTIX. The verdict in CTIX can be:
Malicious: The file is analyzed and found malicious.
Non-Malicious: The file is analyzed and found not malicious.
NA: The configured sandbox tool has returned Null or Not Applicable as the result for the analyzed file.
Suspicious: The file is found suspicious. Suspicious indicates that the executed file or URL may or may not be malicious.
Unknown: The configured sandbox tool is unable to identify if the analyzed file or URL is malicious or not.
If the application is unable to fetch the report due to the report size, the system provides you the option to refresh the page and fetch the report. If the application is still unable to fetch the report after refreshing the page three times, you will get a URL to view the report on the sandboxing tool's platform. You can also use View in Sandbox Tool option on the top right corner to view the reports in the sandboxing tool's platform.
You can further use this information to create intel, tasks, and notes in the application. For more information, see:
Verdict Mapping between Joe Security Sandbox and CTIX
The mapping between verdicts defined in Joe Security Sandbox and CTIX for the files or URLs analyzed is as follows:
Joe Verdict | CTIX Verdict |
---|---|
Clean | Non-Malicious |
Malicious | Malicious |
Unknown | Unknown |
Null | NA |
Suspicious | Suspicious |