Joe Sandbox

Overview

This integration provides tools to interact with the Joe Sandbox analysis service, allowing you to search for existing reports and submit files or URLs for detonation.

Available Tools

Search Hash

Tool Name: joe_sandbox_search_hash

Description: Search for a hash in sandbox records.

Arguments:

  • case_id (string, required): The ID of the case.

  • alert_group_identifiers (List[string], required): Identifiers for the alert groups.

  • target_entities (List[TargetEntity], optional): Optional list of specific target entities (Identifier, EntityType) to run the action on. Typically runs on Filehash entities. Defaults to empty list.

  • scope (string, optional): Defines the scope for the action. Defaults to “All entities”.

Returns:

  • dict: A dictionary containing the result of the action execution, including any found analysis reports for the hash.

Detonate File

Tool Name: joe_sandbox_detonate_file

Description: Scan file and fetch its reputation. Note : This action requires Pro level account.

Arguments:

  • case_id (string, required): The ID of the case.

  • alert_group_identifiers (List[string], required): Identifiers for the alert groups.

  • file_paths (string, required): The paths of the files to scan comma separated.

  • comment (Optional[str], optional): The comment to add to the entry. Defaults to None.

  • report_format (Optional[str], optional): The format of the report. Defaults to None.

  • target_entities (List[TargetEntity], optional): Optional list of specific target entities (Identifier, EntityType) to run the action on. Defaults to empty list.

  • scope (string, optional): Defines the scope for the action. Defaults to “All entities”.

Returns:

  • dict: A dictionary containing the result of the action execution, including the analysis report.

Ping

Tool Name: joe_sandbox_ping

Description: Test Connectivity.

Arguments:

  • case_id (string, required): The ID of the case.

  • alert_group_identifiers (List[string], required): Identifiers for the alert groups.

  • target_entities (List[TargetEntity], optional): Optional list of specific target entities (Identifier, EntityType) to run the action on. Defaults to empty list.

  • scope (string, optional): Defines the scope for the action. Defaults to “All entities”.

Returns:

  • dict: A dictionary containing the result of the action execution.

Search Url

Tool Name: joe_sandbox_search_url

Description: Search for a URL in sandbox records.

Arguments:

  • case_id (string, required): The ID of the case.

  • alert_group_identifiers (List[string], required): Identifiers for the alert groups.

  • target_entities (List[TargetEntity], optional): Optional list of specific target entities (Identifier, EntityType) to run the action on. Typically runs on URL entities. Defaults to empty list.

  • scope (string, optional): Defines the scope for the action. Defaults to “All entities”.

Returns:

  • dict: A dictionary containing the result of the action execution, including any found analysis reports for the URL.