Joe Sandbox
This document explains how to set up and use the Joe Sandbox premium intelligence source with the TruSTAR Web App.
Joe Sandbox executes files and URLs in a controlled environment in a fully automated way, monitors the behavior of applications and the operating system for suspicious activity, and compiles the results into an extensive analysis report.
- Source Type: Premium Intel
- Update Type: Feed-based
- Update Frequency: 15 minutes
- Time to Install: 10 minutes
Data Types
The integration pulls all Observables supported by TruSTAR.
Requirements
- Registered customer of Joe Security
- Joe Sandbox Cloud API key
Getting Started
- Log in to the TruSTAR Web App.
- Click the Marketplace icon on the left side navigation bar.
- Choose Premium Intel.
- Click Subscribe in the Joe Sandbox icon.
- Enter your Joe Sandbox API key, then click Save Credentials & Request Subscription.
TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.
Report Mapping
| Field | Explanation |
| --- | --- |
| Report Title | Sample field of target block of JSON response if available, else url field. Example: WbPmrTtnkw |
| External ID | Encoded value of (webid) field of first JSON response. Example: encoded value of (752112) |
| Report Body | Full JSON response from Joe Sandbox |
| Time Begun | Combined start_date and start_time field of second JSON response. Example: 20/12/2019 19:48:25 |
| Tags | Score and malicious field of signature detections field of JSON response. Example: ["confidence:64", "Maliciousness:true"] |
| Deeplink | Example: https://jbxcloud.joesecurity.org/analysis/XXXXXX/0/html?eg: XXXX |
| Client Type | PYTHON SDK |
| Client Meta Tag | 'trustash' |
Known Issues
None reported.
Please reach out to support@trustar.co if you have issues with this integration.