Cyware Threat Intelligence eXchange

Cyware Sandbox

Notice

This feature is available in Intel Exchange v3.7.5.0 (EA) onwards. Contact your Cyware sales or support representative to gain access to Cyware Sandbox.

Sandbox provides a secure and isolated environment to safely execute suspicious files or URLs. By analyzing artifacts in a controlled setup, security teams can investigate unknown threats, detect malicious behavior, and avoid exposing live systems. This supports enhanced threat intelligence and helps generate actionable Indicators of Compromise (IOCs).

Each analysis results in a verdict, such as Malicious, Benign, Suspicious, Unknown, or Not Applicable, allowing analysts to accurately assess the nature and severity of the threat. 

Capabilities

You can use the following capabilities based on the depth of your analysis:

  • Scan: Perform a quick scan of files or URLs to receive an immediate threat verdict. This lightweight method is useful when fast decision-making is required. For more information, see Scan.

  • Sandbox: Submit a file or URL for deep behavioral analysis. The sandbox records detailed activity and produces a comprehensive report that can be reviewed anytime. For more information, see Sandbox.

Use Cases

You can use the sandbox to detect, analyze, and respond to threats across the following use cases:

  • Test suspicious files or URLs: Examine unknown files or links before interacting with them, especially when received from unfamiliar sources.

  • Detect advanced threats: Identify behaviors associated with zero-day malware that may be missed by traditional security tools.

  • Analyze threats safely: Run potentially malicious content in an isolated environment without affecting live systems.

  • Enhance threat intelligence: Import analysis results into Intel Exchange. Use enrichment tools to add context, assign confidence scores, and generate deeper insights.

Frequently Asked Questions

Scan performs a quick surface-level check. Sandbox conducts a deeper analysis with detailed reporting.

You can submit common file types such as executables, archives, documents, and standard URLs for analysis.

  • Supported file extensions include: .dll, .upx, .exe, .msi, .chm, .hta, .iqy, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .pub, .pub2016, .zip, .one, .mht, .hwp, .ich, .inp, .pdf, .rtf, .slk, .swf, .html, .bat, .ps1, .js, .jse, .vbe, .pl, .py, .vbs, .wsf, .apk, .dex, .jar, .lnk, .url, .jnlp, .reg, .xslt, .xps.

  • URLs in standard formats (HTTP/HTTPS links) are also supported.