Data Source

JoeSandbox Cloud malware analysis platform providing:

  • Automated sample submission and analysis (files/URLs)
  • Threat intelligence IOC feeds
  • Behavioral analysis reports and indicators

Ingestion Mechanism

Multi-component integration:

  • Function App-based: Automated threat intelligence feed connector using Azure Functions
  • Logic App Playbooks: Manual/triggered analysis workflows for incident enrichment
  • Custom table: populates the ThreatIntelligenceIndicator table with JoeSandbox IOCs

Detection Surface Unlocked

Threat Intelligence Integration: Automated IOC ingestion from JoeSandbox feeds enriches Microsoft Sentinel threat detection capabilities

Malware Analysis Workflows:

  • Incident-triggered URL analysis playbook automatically submits suspicious URLs for sandbox analysis
  • Email attachment analysis playbook processes Outlook attachments through JoeSandbox
  • Analysis results are added as incident comments with detailed behavioral reports

Bundled Content

  • Data Connector: JoeSandbox Threat Intelligence Feed (Function App)
  • Playbooks: URL submission for incidents, Outlook attachment analysis
  • Hunting Queries: 10 queries for analyzing JoeSandbox data including submission trends, malware family analysis, and IOC correlation

Affected Files

Logos/joesandbox.svg
Solutions/JoeSandbox/Data Connectors/JoeSandbox/__init__.py
Solutions/JoeSandbox/Data Connectors/JoeSandbox/app.py
Solutions/JoeSandbox/Data Connectors/JoeSandbox/const.py
Solutions/JoeSandbox/Data Connectors/JoeSandbox/function.json
Solutions/JoeSandbox/Data Connectors/JoeSandbox/joesandbox.py
Solutions/JoeSandbox/Data Connectors/JoeSandbox/state_manager.py
Solutions/JoeSandbox/Data Connectors/JoeSandbox/utils.py
Solutions/JoeSandbox/Data Connectors/JoeSandboxThreatIntelligence_FunctionApp.json
Solutions/JoeSandbox/Data Connectors/Logo/joesandbox.svg
Solutions/JoeSandbox/Data Connectors/azuredeploy_JoeSandboxThreatIntelligenceFuncApp_AzureFunction_flex.json
Solutions/JoeSandbox/Data Connectors/azuredeploy_JoeSandboxThreatIntelligenceFuncApp_AzureFunction_premium.json
Solutions/JoeSandbox/Data Connectors/host.json
Solutions/JoeSandbox/Data Connectors/proxies.json
Solutions/JoeSandbox/Data Connectors/requirements.txt
Solutions/JoeSandbox/Images/01.png
Solutions/JoeSandbox/Images/02.png
Solutions/JoeSandbox/Images/02a.png
Solutions/JoeSandbox/Images/03.png
Solutions/JoeSandbox/Images/04.png
Solutions/JoeSandbox/Images/05.png
Solutions/JoeSandbox/Images/06.png
Solutions/JoeSandbox/Images/07.png
Solutions/JoeSandbox/Images/08.png
Solutions/JoeSandbox/Images/09.png
Solutions/JoeSandbox/Images/10.png
Solutions/JoeSandbox/Images/11.png
Solutions/JoeSandbox/Images/12.png
Solutions/JoeSandbox/Images/13.png
Solutions/JoeSandbox/Images/14.png
Solutions/JoeSandbox/Images/38.png
Solutions/JoeSandbox/Images/app_per.png
Solutions/JoeSandbox/Images/email_playbook.png
Solutions/JoeSandbox/Images/ti_feed.png
Solutions/JoeSandbox/Images/url_playbook.png
Solutions/JoeSandbox/Package/testParameters.json
Solutions/JoeSandbox/Playbooks/CustomConnector/JoeSandboxEnrichment_FunctionAppConnector/JoeSandboxDownloadAnalysisReport/__init__.py
Solutions/JoeSandbox/Playbooks/CustomConnector/JoeSandboxEnrichment_FunctionAppConnector/JoeSandboxDownloadAnalysisReport/app.py
Solutions/JoeSandbox/Playbooks/CustomConnector/JoeSandboxEnrichment_FunctionAppConnector/JoeSandboxDownloadAnalysisReport/function.json
Solutions/JoeSandbox/Playbooks/CustomConnector/JoeSandboxEnrichment_FunctionAppConnector/JoeSandboxGetAnalysisInfo/__init__.py
Solutions/JoeSandbox/Playbooks/CustomConnector/JoeSandboxEnrichment_FunctionAppConnector/JoeSandboxGetAnalysisInfo/app.py
Solutions/JoeSandbox/Playbooks/CustomConnector/JoeSandboxEnrichment_FunctionAppConnector/JoeSandboxGetAnalysisInfo/function.json
Solutions/JoeSandbox/Playbooks/CustomConnector/JoeSandboxEnrichment_FunctionAppConnector/JoeSandboxGetIOCs/__init__.py
Solutions/JoeSandbox/Playbooks/CustomConnector/JoeSandboxEnrichment_FunctionAppConnector/JoeSandboxGetIOCs/app.py
Solutions/JoeSandbox/Playbooks/CustomConnector/JoeSandboxEnrichment_FunctionAppConnector/JoeSandboxGetIOCs/function.json
Solutions/JoeSandbox/Playbooks/CustomConnector/JoeSandboxEnrichment_FunctionAppConnector/JoeSandboxGetIOCs/utils.py
Solutions/JoeSandbox/Playbooks/CustomConnector/JoeSandboxEnrichment_FunctionAppConnector/JoeSandboxGetSubmissionInfo/__init__.py
Solutions/JoeSandbox/Playbooks/CustomConnector/JoeSandboxEnrichment_FunctionAppConnector/JoeSandboxGetSubmissionInfo/app.py
Solutions/JoeSandbox/Playbooks/CustomConnector/JoeSandboxEnrichment_FunctionAppConnector/JoeSandboxGetSubmissionInfo/function.json
Solutions/JoeSandbox/Playbooks/CustomConnector/JoeSandboxEnrichment_FunctionAppConnector/JoeSandboxSearchAnalysis/__init__.py
Solutions/JoeSandbox/Playbooks/CustomConnector/JoeSandboxEnrichment_FunctionAppConnector/JoeSandboxSearchAnalysis/app.py
Solutions/JoeSandbox/Playbooks/CustomConnector/JoeSandboxEnrichment_FunctionAppConnector/JoeSandboxSearchAnalysis/function.json
Solutions/JoeSandbox/Playbooks/CustomConnector/JoeSandboxEnrichment_FunctionAppConnector/JoeSandboxSubmitFile/__init__.py
Solutions/JoeSandbox/Playbooks/CustomConnector/JoeSandboxEnrichment_FunctionAppConnector/JoeSandboxSubmitFile/app.py
Solutions/JoeSandbox/Playbooks/CustomConnector/JoeSandboxEnrichment_FunctionAppConnector/JoeSandboxSubmitFile/function.json
Solutions/JoeSandbox/Playbooks/CustomConnector/JoeSandboxEnrichment_FunctionAppConnector/JoeSandboxSubmitUrl/__init__.py
Solutions/JoeSandbox/Playbooks/CustomConnector/JoeSandboxEnrichment_FunctionAppConnector/JoeSandboxSubmitUrl/app.py
Solutions/JoeSandbox/Playbooks/CustomConnector/JoeSandboxEnrichment_FunctionAppConnector/JoeSandboxSubmitUrl/function.json
Solutions/JoeSandbox/Playbooks/CustomConnector/JoeSandboxEnrichment_FunctionAppConnector/azuredeploy.json
Solutions/JoeSandbox/Playbooks/CustomConnector/JoeSandboxEnrichment_FunctionAppConnector/host.json
Solutions/JoeSandbox/Playbooks/CustomConnector/JoeSandboxEnrichment_FunctionAppConnector/joesandbox.py
Solutions/JoeSandbox/Playbooks/CustomConnector/JoeSandboxEnrichment_FunctionAppConnector/requirements.txt
Solutions/JoeSandbox/Playbooks/JoeSandbox-Submit-File-Outlook-Attachment/Images/email_playbook.png
Solutions/JoeSandbox/Playbooks/JoeSandbox-Submit-File-Outlook-Attachment/Images/outlook_attchment_playbook.png
Solutions/JoeSandbox/Playbooks/JoeSandbox-Submit-File-Outlook-Attachment/Images/outlook_incident_comment.png
Solutions/JoeSandbox/Playbooks/JoeSandbox-Submit-File-Outlook-Attachment/azuredeploy.json
Solutions/JoeSandbox/Playbooks/JoeSandbox-Submit-File-Outlook-Attachment/readme.md
Solutions/JoeSandbox/Playbooks/JoeSandbox-Submit-Url-Sentinel-Incident/Images/incident_url_comment.png
Solutions/JoeSandbox/Playbooks/JoeSandbox-Submit-Url-Sentinel-Incident/Images/incident_url_playbook.png.png
Solutions/JoeSandbox/Playbooks/JoeSandbox-Submit-Url-Sentinel-Incident/Images/url_playbook.png
Solutions/JoeSandbox/Playbooks/JoeSandbox-Submit-Url-Sentinel-Incident/azuredeploy.json
Solutions/JoeSandbox/Playbooks/JoeSandbox-Submit-Url-Sentinel-Incident/readme.md
Solutions/JoeSandbox/README.md
(packaging artefacts: 3.0.0.zip, JoeSandboxConn.zip, JoeSandboxEnrichment.zip, ReleaseNotes.md, SolutionMetadata.json, Solution_JoeSandbox.json, createUiDefinition.json, mainTemplate.json)