Joe Sandbox Analyser Issue #44

Closed
bullerdude opened this issue May 3, 2017 · 6 comments

@bullerdude

Request Type

Question

Work Environment

Cortex 1.0.2
Ubuntu 16.04

Problem Description

We are attempting to set up the Joe Sandbox analyser to connect to our Online Joe Sandbox cloud account. Can you please confirm that the analyser supports a Joe Sandbox Cloud instance?

We are seeing numerous JSON decoding / structure errors.

@saadkadhi saadkadhi added scope:question category:enhancement Issue is related to an existing feature to improve labels May 3, 2017
@saadkadhi
Contributor

Hi @bullerdude, as stated on the blog:
Joe Sandbox, by Joe Security LLC, is a very powerful malware analysis platform that has been around for many years and comes in two flavors: cloud and on-premises. The Joe Sandbox Cortex analyzer has been tested using an on-prem Joe Sandbox Ultimate version and can process URLs and files. The analyzer can process files with or without Internet access.

We haven't tested the analyzer with Joe Sandbox Cloud. We will try to support that version as well. We are going to get in touch with Joe Security LLC. In the meantime, it could help if you can share the (anonymized) log errors either here or by sending us an email to [email protected].

@bullerdude
Author

bullerdude commented May 3, 2017

Hi @saadkadhi, we have been looking into the error this afternoon and discovered that the error was actually the result of a missing field in the POST data when a file/url is submitted for analysis. It seems that the Cloud version has a 'Terms and Conditions' field that must be set to '1', otherwise the analysis fails. It took a while to find due to the way Cortex reports error messages.

I would suggest the analyser be updated with this additional POST parameter that is triggered via a new configuration option that specifies whether the Analyser is connecting to an onprem or cloud instance.

@saadkadhi
Contributor

Thanks for your troubleshooting @bullerdude. Would you be able to submit a PR to fix the missing POST data? We will review it to make sure it doesn't break things for on-prem users and release an updated analyzer.

Also, if you have any suggestions on how to improve Cortex error reporting, please submit an issue on the Cortex repository.

@ant1
Contributor

ant1 commented May 3, 2017

Please try 84937e2

@nadouani nadouani modified the milestone: 1.3.1 May 11, 2017
@saadkadhi
Contributor

@bullerdude The Joe Sandbox analyzer now supports the Cloud version. Check out hotfix/1.4.1.

@js2n8

js2n8 commented Jul 17, 2023

Hello, my company has been trying to register for Joe Sandbox for over a month now, but until this time we have not heard back from them. Are we doing something wrong in the registration, or is it just that Joe's does not take any more registrations?
