Joe Sandbox

Version: 1.5
Updated: Mar 6, 2024
Execute suspicious files and URLs for analysis during incident investigation using Joe Security Sandbox.
Actions
- Download Analysis Report (Enrichment) - Download an analysis report.
- Info Analysis (Enrichment) - View analysis gathered for a specific piece of evidence.
- List Analysis (Enrichment) - List all available analysis documents.
- List Systems (Enrichment) - List all available systems.
- Get Report (Enrichment) - Get an analysis report.
- Search Analysis (Enrichment) - Search for a specific analysis document.
- Submit URL (Enrichment) - Submit a URL for analysis.
- Submit File (Enrichment) - Submit a file for analysis.
- Check Submission Status (Scheduled) - Check the status of URL/File Submission.
External Libraries
Configure Joe Sandbox in Automation Service and Cloud SOAR
Before you can use the integration, you must configure it so that the vendor can communicate with Sumo Logic. For general guidance, see Configure Authentication for Integrations.
- Access App Central and install the integration.
- Select the installed integration in the Integrations page.
Classic UI. In the main Sumo Logic menu, select Automation and then select Integrations in the left nav bar.
New UI. In the main Sumo Logic menu, select Automation > Integrations. You can also click the Go To... menu at the top of the screen and select Integrations. - Select the integration.
- Hover over the resource name and click the Edit button that appears.
- In the Add Resource dialog, enter the authentication needed by the resource. When done, click TEST to test the configuration, and click SAVE to save the configuration.
For information about Joe Sandbox, see Joe Sandbox documentation.
Change Log
- September 25, 2019 - First upload
- January 25, 2023 - Added Connection Timeout field
- July 18, 2023 (v1.4) - Updated the integration with Environmental Variables
- March 6, 2024 (v1.5)
- Added new action: Check Submission Status
- Action renamed from Download Resource Analysis to Download Analysis Report
- Action renamed from Print Report to Get Report
- Updated with new Cloud SOAR API