Joe Sandbox
This document explains how to set up and use the intel feed from Joe Sandbox.
Joe Sandbox executes files and URLs fully automated in a controlled environment and monitors the behavior of applications and the operating system for suspicious activities and compiles it in an extensive analysis report.
- Time to Install: 10 minutes
- Type of Feed: Automatic updates
- Update Frequency: 15 minutes
- Intel Type: Premium
Data Types
The integration pulls all observables supported by TruSTAR.
Requirements
- Registered customer of Joe Security
- Joe Sandbox Cloud API key
Getting Started
- Log into TruSTAR Station.
- Click the Marketplace icon on the left side menu.
- Choose Closed Sources.
- Click Subscribe in the Joe Sandbox icon.
- Enter your Joe Sandbox API key, then click Save Credentials & Request Subscription.
TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.
Report Mapping
Field | Explanation |
Report Title | Sample field of target block of json response if available, else url field Example: WbPmrTtnkw |
External ID | Encoded value of (webid) field of first json response Example: encoded value of (752112) |
Report Body | Full JSON response from Joe Sandbox |
Time Begun | Combined start_date and start_time field of second json response Example: 20/12/2018 19:48:25 |
Tags | Score and malicious field of signature detections field of json response Example: [“confidence:64”, “Maliciousness:true”] |
Deeplink | Example: https://jbxcloud.joesecurity.org/analysis/744288/0/html?eg: …/analysis/”analysis id” … |
Client Type | PYTHON SDK |
Client Meta Tag | ‘trustash’ |
Known Issues
None reported.
