Integration Details

ThreatQuotient provides the following details for this integration:

Introduction

The Joe Sandbox operation submits files, and URLs, for analysis in Joe Sandbox Cloud. After the report has run, you can get the details of the analysis, upload the report to ThreatQ, along with all the IOCs generated from the malware detonation in the sandbox.

The operation provides the following actions:

• Get URL Report - retrieves Reports from Joe Sandbox.
• Submit URL Sample - submits a URL to Joe Sandbox for analysis.
• Get File Report - retrieves Reports from Joe Sandbox.
• Submit File - submits a File to Joe Sandbox for analysis.

The operation is compatible URL type indicators and Files.  

Installation

Configuration

ThreatQuotient does not issue API keys for third-party vendors. Contact the specific vendor to obtain API keys and other integration-related credentials.

To configure the integration:

1. Navigate to your integrations management page in ThreatQ.
2. Select the Operation option from the Type dropdown (optional).
3. Click on the integration entry to open its details page.
4. Enter the following parameter under the Configuration tab:

   Parameter	Description
   API Key	API Key for authenticating with Joe Sandbox.

5. Review any additional settings, make any changes if needed, and click on Save.
6. Click on the toggle switch, located above the Additional Information section, to enable it.

Actions

The operation provides the following actions:

Change Log

• Version 1.1.1
  • Added functionality to work over a proxy.
• Version 1.1.0
  • Updated the integration to use the latest Joe Sandbox SDK v3.13.0.
  • Enhanced the exception handling, and added docstrings.
• Version 1.0.1
  • Initial Release