PolySwarm Sandbox
App Vendor: PolySwarm Sandbox
App Category: Forensics & Malware Analysis
Connector Version: 1.1.0
API Version: v3
About App
PolySwarm is a more effective way to detect, analyze, and respond to the latest threats, the ones more likely to go undetected by existing solutions. PolySwarm is powered by a network of threat detection engines. It combines wide coverage from commercial engines, with the ability to detect threats earlier from specialized solutions.
The PolySwarm Sandbox app is configured with Orchestrate to perform the following actions:
Action Name | Description |
|---|---|
Get Hash Details | This action searches hash details. |
Get Sandbox List | This action gets sandbox providers to obtain the sandbox name and sandbox virtual machine (VM). |
List Sandbox Tasks | This action lists all the sandbox tasks. |
Lookup Sandbox | This action gets a sandbox task by its ID. |
Scan File | This action scans a file. |
Scan URL | This action scans a URL. |
Search Hash by IOC | The action searches for associated hashes to an IP, URL, imphash, or MITRE tactics, techniques, and procedures (TTP). |
Search IOC by Hash | This action searches IOCs by hash value. |
Submit File | This action submits a file for sandboxing. |
Configuration Parameters
The following configuration parameters are required for the PolySwarm Sandbox app to communicate with the PolySwarm Sandbox enterprise application. The parameters can be configured by creating instances in the application.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Base URL | Enter the base URL to connect with PolySwarm. | Text | Required | |
API Token | Enter the API token to authenticate with PolySwarm. | Password | Required | |
Community Name | Enter the community name. Example: private | Text | Optional | Allowed values:
Default value: default |
Action: Get Hash Details
This action searches hash details.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Hash Value | Enter a valid hash. Example: 275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f | Text | Required |
Action: Get Sandbox List
This action gets all the sandbox providers to obtain the sandbox name and sandbox virtual machine (VM).
Action Input Parameters
No input parameters are required for this action.
Action: List Sandbox Tasks
This action lists all the sandbox tasks.
Action Input Parameters
No input parameters are required for this action.
Action: Lookup Sandbox
This action gets a sandbox task by its ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Task ID | Enter the task ID. Example: 53445563653708569 | Text | Required |
Action: Scan File
This action scans a file. You can pass either the file path or the pre-signed URL for scanning the file.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
File Path | Enter the file path where the file is stored. | Text | Optional | |
Presigned URL | Enter the pre-signed URL to download the file to the environment and upload it to PolySwarm for scanning. | Text | Optional | |
Community Name | Enter the community name. Example: private | Text | Optional | Allowed values:
Default value: default |
Action: Scan URL
This action scans a URL.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
URL | Enter the URL to be scanned. Example: https://polyswarm.io | Text | Required | |
Community Name | Enter the community name. Example: private | Text | Optional | Allowed values:
Default value: default |
Action: Search Hash by IOC
The action searches for associated hashes to an IP, URL, imphash, or MITRE tactics, techniques, and procedures (TTP).
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
IP value | Enter the IP. Example: 1.1.1.1 | Text | Optional | |
Domain Value | Enter the domain. Example: exampledomain.com | Text | Optional | |
Mitre TTP | Enter the MITRE TTP ID. Example: t1060 | Text | Optional | |
Imphash | Enter the imphash value. | Text | Optional | |
Community Name | Enter the community name. Example: private | Text | Optional | Allowed values:
Default value: default |
Action: Search IOC by Hash
This action searches IOCs by hash value.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Hash type | Enter the hash type. Example: SHA-256 | Text | Required | |
Hash value | Enter the hash value. Example: 275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f | Text | Required | |
Hide Known Good | Enter false to disable. | Boolean | Optional | Allowed values:
Default value: true |
Community Name | Enter the community name. Example: private | Text | Optional | Allowed values:
Default value: default |
Action: Submit File
This action submits a file for sandboxing.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Sandbox Name | Enter the sandbox name. Example: triage | Text | Required | |
Community Name | Enter the community name. Example: private | Text | Optional | Allowed values:
Default value: default |
Sandbox VM | Enter the sandbox virtual machine (VM). Example: win10-build-15063 | Text | Required | |
File Path | Enter the file path where the file is stored. | Text | Optional | |
Presigned URL | Enter the pre-signed URL to download the file and then submit it for sandboxing. | Text | Optional | |
Network Enabled | Enter true to control the network access for a sandbox execution. | Boolean | Optional | Allowed values:
|