Cyware Orchestrate

Joe Security Sandbox 2.0.0

App Vendor: Joe Security

App Category: Forensics & Malware Analysis

Connector Version: 2.2.1

API Version: API V2

About App

The Joe Security Sandbox is a multi-technology platform that uses instrumentation, simulation, hardware virtualization, and hybrid and graph static and dynamic analysis. This enables deep analysis, excellent detection, and strong evasion resistance.

The Joe Security Sandbox app is configured with Orchestrate to perform the following actions:

| Action Name | Description |
| --- | --- |
| Get a List of Analysis | This action retrieves a list of analyses. |
| Get Details of an Analysis | This action retrieves the details of an analysis. |
| Get Env System | This action lists the available environment systems. |
| Search Analysis | This action searches an analysis. |
| Submit URL | This action analyses a URL or a domain name. |
| Submit File | This action analyses a submitted file. |
| Get List of Analysis | This action retrieves a list of analyses. |
| Get Analysis Details | This action retrieves details of the analysis. |
| Download Analysis | This action downloads the analysis of a job. |
| Generic Action | This action performs a request based on the input parameters. |
| Submit File from Pre-signed URL | This action submits a file for analysis from a pre-signed URL. |

Configuration Parameters

The following configuration parameters are required for the Joe Security Sandbox app to communicate with the Joe Security Sandbox enterprise application. The parameters can be configured by creating instances in the app.

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Domain | Enter the domain to connect to. Example: "https://jbxcloud.joesecurity.org" or "http://on-prem-domain.tld/joesandbox/index.php" | Text | Required | |
| API Key | Enter the API key to use for authentication. | Password | Required | |
| Verify | Choose whether to verify the SSL certificate. Example: true | Boolean | Optional | Default value: false. Allowed values: true, false |
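A pre-deployment check for the instance parameters above, added here as an example and not part of the Cyware or Joe Security code. The dictionary keys domain, api_key and verify are assumed names for the Domain, API Key and Verify fields, and the sample configurations are constructed.

```python
from urllib.parse import urlsplit

def lint_instance(config):
    """Return (severity, message) findings for one app instance.

    The keys domain / api_key / verify are assumed names for the
    Domain, API Key and Verify fields of the configuration table.
    """
    findings = []
    parts = urlsplit((config.get("domain") or "").strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        findings.append(("error", "Domain must be a full http(s) URL with a host"))
    elif parts.scheme == "http":
        # Plain HTTP: the API key and every submitted sample travel unencrypted.
        findings.append(("high", "Domain uses http, traffic is not encrypted"))
    if not config.get("api_key"):
        findings.append(("error", "API Key is required"))
    # Verify is optional; the table gives its default as false.
    verify = config.get("verify", False)
    if not isinstance(verify, bool):
        findings.append(("error", "Verify must be true or false"))
    elif parts.scheme == "https" and not verify:
        # TLS without certificate validation does not authenticate the server.
        findings.append(("high", "Verify is false, server certificate is not validated"))
    return findings

# Constructed sample instances (placeholder API key).
SAMPLES = {
    "cloud-defaults": {"domain": "https://jbxcloud.joesecurity.org", "api_key": "PLACEHOLDER"},
    "on-prem-http": {"domain": "http://on-prem-domain.tld/joesandbox/index.php",
                     "api_key": "PLACEHOLDER", "verify": True},
    "cloud-verified": {"domain": "https://jbxcloud.joesecurity.org",
                       "api_key": "PLACEHOLDER", "verify": True},
}

if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        print(name, lint_instance(cfg) or "ok")
```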

Action: Get List of Analysis

This action retrieves a list of analyses.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Next Page ID | Enter the next page ID to obtain more details of an analysis. By entering the next page ID, you can navigate to the other pages of the analysis. Example: "792345" | Text | Optional | You can retrieve the Next Page ID in the response of a previous execution of this action. |

Example Request

[
  {
    "next_page": "792345"
  }
]

Action: Get Details of an Analysis

This action retrieves the details of an analysis.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Web ID | Enter the web ID of an analysis. Example: "7658" | Text | Required | You can retrieve the web ID of an analysis using the Get List of Analysis action. |

Example Request

[
  {
    "webid": "7658"
  }
]

Action: Get Env System

This action lists the available environment systems.

Action Input Parameters

This action does not require any input parameter.

Action: Search Analysis

This action searches an analysis.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Query | Enter the query string to search. Example: "7658" | Text | Required | This action lists the web IDs of the analyses that match the entered query. It searches the entered query in MD5, SHA1, SHA256, filename, cookbook name, comment, URL, and report ID. |

Example Request

[
  {
    "query": "7658"
  }
]

Action: Submit URL

This action analyses a URL or a domain name.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| URL | Enter a URL or domain name to analyse. Example: "sampleurl.com" or "http://verify-firsttechsecured.dns05.com/F/login/ses/session_index" | Text | Required | |
| Extra Params | Enter the extra parameters. | Key Value | Optional | Allowed keys: systems (list), comments (str), tags (list), internet-access (bool), internet-simulation (bool), hybrid-code-analysis (bool), hybrid-decompilation (bool), fast-mode (bool), url-reputation (bool). Allowed values for parameters accepting boolean as field-type (Example: internet-access, internet-simulation, and so on): 1, 0 |

Example Request

[
  {
    "url": "sampleurl.com"
  }
]

Action: Submit File

This action analyses a submitted file.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Filepath | Enter a filepath corresponding to the file that needs to be analysed. Example: "/tmp/e5f206f7-9d78-4b12-exxxe1-fc687b2f7d0cf/sample_file.pdf" | Text | Required | |
| Filename | Enter the name of the file that needs to be analysed. Example: "sample_file.pdf" | Text | Optional | If the filename parameter is not passed, the file name is inferred from the filepath. |
| Extra Params | Enter any extra parameters. | Key Value | Optional | Allowed keys: systems (list), comments (str), tags (list), internet-access (bool), internet-simulation (bool), hybrid-code-analysis (bool), hybrid-decompilation (bool), fast-mode (bool), url-reputation (bool), archive-password (str), office-files-password (str), command-line-argument (str). Allowed values for parameters accepting boolean as field-type (Example: internet-access, internet-simulation, and so on): 1, 0 |

Example Request

[
  {
    "filepath": "/tmp/e5f206f7-9d78-4b12-exxxe1-fc687b2f7d0cf/.sample_file.pdf",
    "filename": "sample_file.pdf"
  }
]

Action: Get Analysis Details

This action retrieves details of an analysis.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Web ID | Enter the web ID for the analysis. Example: "7658" | Text | Required | You can retrieve the web ID of an analysis using the Get List of Analysis action. |

Example Request

[
  {
    "webid": "7658"
  }
]

Action: Download Analysis

This action downloads the analysis of a job.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Web ID | Enter the web ID to download the analysis of a job. Example: "7658" | Text | Required | |

Example Request

[
  {
    "webid": "7658"
  }
]

Action: Generic Action

This action performs a request based on the input parameters.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Endpoint | Enter the endpoint to perform the request. Example: "server/systems" | Text | Required | |
| Method | Enter the HTTP method to use. Example: "POST" | Text | Required | |
| Payload | Enter the payload to pass with a request in a dictionary format. Example: "data": {"message": "Welcome, world!"} | Text | Optional | |
| Query params | Enter the query params to pass with the request. Example: "threat_type": "phishing" | Key Value | Optional | |

Example Request

[
  {
    "method": "POST",
    "endpoint": "system/servers",
    "payload": {
      "data": {
        "message": "Welcome, world!"
      }
    },
    "query_params": {
      "threat_type": "phishing"
    }
  }
]

Action: Submit File from Pre-signed URL

This action submits a file for analysis from a pre-signed URL.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Pre-signed URL | Enter a pre-signed URL of the file to submit. Example: "https://sampleurl.com" | Text | Required | |
| Filename | Enter the name for the file containing information retrieved from the URL. Example: "sample_file" | Text | Required | |
| Extra Params | Enter the extra parameters. | Key Value | Optional | Allowed values for boolean field type: 0, 1. Allowed keys: systems (list), comments (str), tags (list), internet-access (bool), internet-simulation (bool), hybrid-code-analysis (bool), hybrid-decompilation (bool), fast-mode (bool), url-reputation (bool), archive-password (str), office-files-password (str), command-line-argument (str) |

Example Request

[
  {
    "url": "https://sampleurl.com",
    "filename": "sample_file"
  }
]
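
A playbook-side validator for the Extra Params field of the Submit URL, Submit File and Submit File from Pre-signed URL actions, added here as an example and not part of the connector's own code. It encodes the allowed keys and 1/0 boolean values listed in the tables above, so a misspelled key such as internet_access is caught before a sample is submitted; the action labels (submit_url and so on) and the sample values are assumptions made for illustration.

```python
# Allowed keys and types, copied from the Extra Params rows on this page.
COMMON = {"systems": list, "comments": str, "tags": list,
          "internet-access": bool, "internet-simulation": bool,
          "hybrid-code-analysis": bool, "hybrid-decompilation": bool,
          "fast-mode": bool, "url-reputation": bool}
FILE_ONLY = {"archive-password": str, "office-files-password": str,
             "command-line-argument": str}
# Hypothetical action labels; Submit URL does not list the file-only keys.
ALLOWED = {"submit_url": COMMON,
           "submit_file": {**COMMON, **FILE_ONLY},
           "submit_file_presigned": {**COMMON, **FILE_ONLY}}

def normalize_extra_params(action, params):
    """Validate params for an action and return them with booleans as 1/0."""
    allowed = ALLOWED[action]
    out, errors = {}, []
    for key, value in params.items():
        kind = allowed.get(key)
        if kind is None:
            errors.append(f"{key}: not an allowed key for {action}")
        elif kind is bool:
            # The page allows only 1 and 0; accept True/False and "1"/"0" too.
            if isinstance(value, bool) or value in (0, 1, "0", "1"):
                out[key] = int(value)
            else:
                errors.append(f"{key}: expected 1 or 0, got {value!r}")
        elif kind is list:
            if isinstance(value, (list, tuple)) and all(
                    isinstance(v, str) and v for v in value):
                out[key] = list(value)
            else:
                errors.append(f"{key}: expected a list of non-empty strings")
        elif isinstance(value, str):
            out[key] = value
        else:
            errors.append(f"{key}: expected a string")
    if errors:
        raise ValueError("; ".join(errors))
    return out

if __name__ == "__main__":
    # Constructed sample input.
    print(normalize_extra_params(
        "submit_url", {"internet-access": False, "tags": ["triage"]}))
```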