Cyware Orchestrate

Joe Security Sandbox 1.0.0

App Vendor: Joe Security

App Category: Forensics & Malware Analysis

Connector Version: 1.0.0

API Version: 2.0.0

About App

Joe Security Sandbox is a multi-technology platform that uses instrumentation, simulation, hardware virtualization, hybrid, and graph (static and dynamic) analysis for malware analysis. The Joe Security Sandbox app enables security teams to integrate with the Joe Security Sandbox enterprise application to analyze files and URLs.

The Joe Security Sandbox app is configured with the Orchestrate application to perform the following actions:

| Action Name | Description |
| --- | --- |
| Get a List of Analysis | This action retrieves a list of analyses from the Joe Security Sandbox application. |
| Get Details of an Analysis | This action retrieves the details of an analysis using the web ID of the analysis. |
| Get a List of System Environments | This action retrieves a list of system environments on the server from the Joe Security Sandbox application. |
| Search Analysis | This action searches for an analysis in the Joe Security Sandbox application. |
| Submit URL for Analysis | This action submits a website URL for analysis using the URL and additional parameters. |
| Submit File for Analysis | This action submits a file for analysis using the filepath and additional parameters. |

Configuration Parameters

The following configuration parameters are required for the Joe Security Sandbox app to communicate with the Joe Security Sandbox enterprise application. The parameters can be configured by creating instances in the app.

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Base URL | Enter the Joe Security Sandbox cloud domain. Example: "https://jbxcloud.joesecurity.org" | Text | Required | |
| API Key | Enter the Joe Security Sandbox API key. | Text | Required | |
| SSL Verification | Optional preference to either verify or skip the SSL verification. Example: True | Boolean | Optional | Allowed values: True, False. Default value: False |
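
Because SSL Verification defaults to False, an instance that leaves the field unset skips certificate checks. The following check is an added example, not code from Cyware or Joe Security; the dict layout keyed by the table's labels and the function name `lint_instance` are assumptions.

```python
from urllib.parse import urlsplit

# Field names mirror the labels in the table above; the dict layout and the
# function name are assumptions made for this example.
DEFAULTS = {"SSL Verification": False}  # default stated in the Comments column


def lint_instance(config):
    """Return a list of findings for one app instance configuration."""
    cfg = {**DEFAULTS, **config}  # an omitted field falls back to the default
    findings = []
    url = urlsplit(str(cfg.get("Base URL", "")))
    if url.scheme != "https" or not url.hostname:
        findings.append("Base URL must be an https:// URL with a host")
    if url.username or url.password:
        findings.append("Base URL must not embed credentials")
    if not str(cfg.get("API Key", "")).strip():
        findings.append("API Key is empty")
    if cfg["SSL Verification"] is not True:
        findings.append("SSL Verification is off: the API key is sent over "
                        "a connection whose certificate is not checked")
    return findings


# Constructed sample instances (the API key value is a placeholder).
AS_SHIPPED = {"Base URL": "https://jbxcloud.joesecurity.org", "API Key": "<api-key>"}
HARDENED = {**AS_SHIPPED, "SSL Verification": True}

if __name__ == "__main__":
    for name, inst in (("as shipped", AS_SHIPPED), ("hardened", HARDENED)):
        print(name, lint_instance(inst))
```
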

Action: Get a List of Analysis

This action retrieves a list of analyses from the Joe Security Sandbox application.

Action Input Parameters

This action does not require any input parameters.

Action: Get Details of an Analysis

This action retrieves the details of an analysis using the web ID of the analysis.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Web ID | Enter the web ID of the analysis. Example: "792650" | Text | Required | You can retrieve the Web ID using the Get a List of Analysis action. |

Example Request

[
   {
      "webid": "792650"
   }
]
Action: Get a List of System Environments

This action retrieves a list of system environments on the server from the Joe Security Sandbox application.

Action Input Parameters

This action does not require any input parameters.

Action: Search Analysis

This action searches for an analysis in the Joe Security Sandbox application.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Query String | Enter the query string. Example: "792650" | Text | Required | Allowed values: MD5, SHA1, SHA256, filename, cookbook name, comment, URL, report ID |

Example Request

[
   {
      "query": "792650"
   }
]
Action: Submit URL for Analysis

This action submits a website URL for analysis using the URL and additional parameters.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| URL | Enter the URL. Example: "https://www.reddit.com/r/LeipzigvPsgliveUcl/" | Text | Required | |
| Additional Parameters | Enter additional parameters in key-value pairs. Example: {"fast-mode": True } | Key Value | Optional | Allowed values: Boolean (1 and 0); systems (list); comments (str); tags (list); internet-access (boolean); internet-simulation (boolean); hybrid-code-analysis (boolean); hybrid-decompilation (boolean); fast-mode (boolean); url-reputation (boolean) |

Example Request

[
   {
      "url": "https://www.reddit.com/r/LeipzigvPsgliveUcl/",
      "extra_params": {
         "fast-mode": True
      }
   }
]
Action: Submit File for Analysis

This action submits a file for analysis using the filepath and additional parameters.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Filepath | Enter the filepath. Example: "/home/sally/statusReport" | Text | Required | |
| Additional Parameters | Enter additional parameters in key-value pairs. Example: { "fast-mode": True } | Key Value | Optional | Allowed values: Boolean values (1 and 2); systems (list); comments (str); tags (list); internet-access (boolean); internet-simulation (boolean); hybrid-code-analysis (boolean); hybrid-decompilation (boolean); fast-mode (boolean); url-reputation (boolean); archive-password (str); office-files-password (str); command-line-argument (str) |

Example Request

[
   {
      "file_path": "/home/sally/statusReport",
      "extra_params": {
         "fast-mode": True
      }
   }
]
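
The Additional Parameters lists for the Submit URL and Submit File actions can be checked before a playbook sends a sample. The following validator is an added example, not part of the connector. Its function names are hypothetical, it treats the three password and command-line keys as file-only because they appear only in the file action's list, and it accepts booleans as True/False or the 1/0 form given for URL submissions.

```python
# Added example: key names and types come from the "Allowed values" lists on
# this page; the function names and error strings are hypothetical.
BOOL, STR, LIST = "boolean", "str", "list"

COMMON = {
    "systems": LIST, "comments": STR, "tags": LIST,
    "internet-access": BOOL, "internet-simulation": BOOL,
    "hybrid-code-analysis": BOOL, "hybrid-decompilation": BOOL,
    "fast-mode": BOOL, "url-reputation": BOOL,
}
FILE_ONLY = {
    "archive-password": STR, "office-files-password": STR,
    "command-line-argument": STR,
}
SECRET_KEYS = {"archive-password", "office-files-password"}


def _type_ok(kind, value):
    if kind == BOOL:
        # bool is a subclass of int, so this accepts True/False and 1/0.
        return isinstance(value, int) and value in (0, 1)
    if kind == STR:
        return isinstance(value, str)
    return isinstance(value, list)


def validate_extra_params(action, extra_params):
    """Return a list of problems; an empty list means the dict is acceptable."""
    if action not in ("url", "file"):
        raise ValueError("action must be 'url' or 'file'")
    allowed = {**COMMON, **FILE_ONLY} if action == "file" else COMMON
    problems = []
    for key, value in extra_params.items():
        if key in FILE_ONLY and action == "url":
            problems.append(f"{key}: only documented for file submissions")
        elif key not in allowed:
            problems.append(f"{key}: not a documented parameter")
        elif not _type_ok(allowed[key], value):
            problems.append(f"{key}: expected {allowed[key]}")
    return problems


def redact(extra_params):
    """Copy of the dict that is safe to write to playbook or audit logs."""
    return {k: "***" if k in SECRET_KEYS else v for k, v in extra_params.items()}
```

Run `validate_extra_params` on the `extra_params` value before submission, and pass the dict through `redact` wherever the request is logged so archive and Office passwords do not end up in run history.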