Recorded Future Sandbox
App Vendor: Recorded Future Sandbox
App Category: Forensics & Malware Analysis
Connector Version: 1.0.1
API Version: V0
About App
Recorded Future Sandbox enables security and IT teams to analyze and understand files and URLs. It provides safe and immediate behavioral analysis, which helps contextualize key artifacts in an investigation and leads to faster triage.
The Recorded Future Sandbox app is configured with Orchestrate to perform the following actions:
Action Name | Description |
---|---|
Get Full Report | This action returns the full report on the submitted sample. |
Get Report Summary | This action returns the summary of the submitted sample. |
Submit File Sample | This action submits file samples to Recorded Future Sandbox. |
Submit URL as Sample | This action submits URL samples to Recorded Future Sandbox. |
Generic Action | This is a generic action used to make requests to any Recorded Future Sandbox endpoint. |
Configuration Parameters
The following configuration parameters are required for the Recorded Future Sandbox app to communicate with the Recorded Future Sandbox enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
API Key | Enter the API key to authenticate with Recorded Future Sandbox. | Password | Required | |
Timeout | Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with Recorded Future Sandbox. | Integer | Optional | Allowed range: 15-120 seconds. Default: 15 seconds. |
Verify | Choose your preference to verify the SSL/TLS certificate while making requests. | Boolean | Optional | Default value: true |
Action: Get Full Report
This action returns the overview of the sample and its analysis tasks. The overview contains all the high-level information related to the sample including malware configuration, signatures, scoring, and more.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Sample ID | Enter the sample ID. Example: "201026-n8zz26cd4s" | Text | Required | |
Action: Get Report Summary
This action returns a summary of the sample and its analysis tasks.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Sample ID | Enter the sample ID. Example: "200606-l5dz9871we" | Text | Required | |
Action: Submit File Sample
This action submits a file as a sample.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
File Path | Enter the file path. Example: /tmp/sample.txt | Text | Required | |
Additional Data | Enter the additional parameters. | Key Value | Optional | Available parameters:
|
Action: Submit URL as Sample
This action submits a URL as a sample. The sample is downloaded from the submitted URL.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
URL | Enter the URL that is to be submitted. Example: http://example.org/ | Text | Required | |
Action: Generic Action
This is a generic action that goes beyond the implemented actions by making a request to any Recorded Future Sandbox endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Method | Enter the HTTP method to make the call. | Text | Required | Allowed values are GET, POST, and DELETE. |
Endpoint | Enter the endpoint to make the request. Example: /samples | Text | Required | |
Query Params | Enter the query parameters to pass to the API. | Key Value | Optional | |
Payload | Enter the payload to pass to the API. | Any | Optional | |
Extra Fields | Enter the extra fields. | Key Value | Optional | Allowed keys:
|