/joesandbox_crits

Integration of Joe Sandbox for the Threat Intelligence Platform CRITs

Primary language: Python. License: MIT.

Joe Sandbox CRITs

The Joe Sandbox CRITs service allows you to access the full power of Joe Sandbox from inside CRITs.

CRITs sends the sample to Joe Sandbox, which re-inserts IPs, domains, screenshots, dropped files and the full report.

The service extracts many IOCs from the sample and inserts them automatically into CRITs, enabling analysts to understand the connection between multiple samples.

Installation

A more general description is available on the CRITs GitHub page.

This guide assumes you have installed the CRITs services repository in /data/crits_services.

  1. Clone this repository into /data/crits_services/joesandbox_crits
  2. Run cd /data/crits_services && ./bootstrap to install all dependencies.
  3. Configure the service in the CRITs web interface.

[Image: Joe Sandbox service button]