This workflow template enables security analysts to automate malware analysis by submitting a file to the Netskope Sandbox via a webform. The procedure begins by calculating the file's hash and checking a local cache for a prior analysis. If no cached result is found, the file is sent to the Netskope Sandbox for a thorough examination. The final analysis, including the verdict and any Tactics, Techniques, and Procedures (TTPs) identified, is displayed back on the webform. This efficient process aids threat hunting and intelligence enrichment by quickly analyzing potentially malicious files.
Optional Triggers
This workflow can also be used as a nested function, removing the form steps.
Use Cases
Threat Hunting, Threat Intelligence Enrichment
Workflow Breakdown
Receives a file from a webform.
Calculates the hash of the file.
Looks up the hash in the local cache to return a previous analysis, if one exists.
Submits the file to Netskope Sandbox when no entry is found in the local cache.
Extracts the verdict and TTPs and shows them as the result on the webform.
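The hash-then-cache-then-submit logic of the breakdown above, as an added Python example that is not part of the Torq template; the `submit` callable stands in for the Netskope Sandbox step (its request format is not shown on this page, so `fake_sandbox` is a constructed stand-in), and the binary-only check reflects the tip below.

```python
import hashlib
from typing import Callable, Dict

# Local cache: file hash -> {"verdict": ..., "ttps": [...]}
Cache = Dict[str, dict]
# Sandbox submission step: file bytes -> {"verdict": ..., "ttps": [...]}
Submit = Callable[[bytes], dict]


def file_hash(data: bytes) -> str:
    """SHA-256 of the file contents; used as the cache key."""
    return hashlib.sha256(data).hexdigest()


def is_binary(data: bytes) -> bool:
    """Heuristic for the 'binary files only' restriction: a NUL byte or
    content that is not valid UTF-8 text is treated as binary."""
    if b"\x00" in data:
        return True
    try:
        data.decode("utf-8")
    except UnicodeDecodeError:
        return True
    return False


def analyze(data: bytes, cache: Cache, submit: Submit) -> dict:
    """Return the analysis for a submitted file, reusing a cached verdict
    when the same hash was analyzed before and refusing non-binary input
    with the same error string the template reports."""
    h = file_hash(data)
    if h in cache:                       # prior analysis: skip the sandbox
        return {"hash": h, "cached": True, **cache[h]}
    if not is_binary(data):              # sandbox would reject it anyway
        return {"hash": h, "cached": False, "error": "File Type not supported"}
    result = submit(data)                # fresh sandbox run
    cache[h] = {"verdict": result["verdict"], "ttps": list(result["ttps"])}
    return {"hash": h, "cached": False, **cache[h]}


# Constructed stand-in for the sandbox (assumption, not the Netskope API):
# flags PE-looking input as malicious with two sample TTP IDs.
def fake_sandbox(data: bytes) -> dict:
    if data.startswith(b"MZ"):
        return {"verdict": "malicious", "ttps": ["T1059", "T1055"]}
    return {"verdict": "benign", "ttps": []}
```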
Vendors
Utils, Torq, Netskope
Workflow Output
When the file type is supported for analysis, the result is shown on the webform; otherwise a "File Type not supported" error is returned.
Tips
Netskope Sandbox only supports binary files.