Analyze Files in Netskope Sandbox with Cache - Workflow Template

Submit a file using a Webform to Netskope Sandbox for malware analysis.

Updated over 6 months ago

This workflow template enables security analysts to automate malware analysis by submitting a file to the Netskope Sandbox via a webform. The procedure begins by calculating the file's hash and checking a local cache for a prior analysis. If no cached result is found, the file is sent to the Netskope Sandbox for a thorough examination. The final analysis, including the verdict and any Tactics, Techniques, and Procedures (TTPs) identified, is displayed back on the webform. This efficient process aids threat hunting and intelligence enrichment by quickly analyzing potentially malicious files.

Optional Triggers

This workflow can also be used as a nested function by removing the form steps.

Use Cases

Threat Hunting, Threat Intelligence Enrichment

Workflow Breakdown

  1. Receives a file from a webform.

  2. Calculates the hash of the file.

  3. Looks up the hash in the local cache to return a previous analysis.

  4. Submits the file to Netskope Sandbox when no entry is found in the local cache.

  5. Extracts the verdict and TTPs and shows them as the result on a webform.
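The hash, cache lookup and submit-on-miss steps above can be sketched as follows. This is an added example, not the template's own code: SHA-256, the `submit` callable, the `FakeSandbox` stand-in, its `MZ` check and the sample report are all assumptions constructed for illustration.

```python
import hashlib
import io

class UnsupportedFileType(Exception):
    """Raised by the sandbox client (hypothetical) for files it cannot analyze."""

def file_sha256(stream, chunk_size=65536):
    """Hash a file-like object in chunks, then rewind it for submission."""
    digest = hashlib.sha256()  # SHA-256 is an assumption; the page names no algorithm
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    stream.seek(0)
    return digest.hexdigest()

def analyze_with_cache(stream, cache, submit):
    """Steps 2-5: return (result, source); source is 'cache', 'sandbox' or 'error'."""
    key = file_sha256(stream)
    if key in cache:
        return cache[key], "cache"  # prior analysis found, sandbox not contacted
    try:
        report = submit(stream)  # assumed shape: {'verdict': str, 'ttps': [str]}
    except UnsupportedFileType:
        # Errors are not cached, so a later retry still reaches the sandbox.
        return {"sha256": key, "error": "File Type not supported"}, "error"
    result = {"sha256": key, "verdict": report["verdict"],
              "ttps": list(report.get("ttps", []))}
    cache[key] = result
    return result, "sandbox"

class FakeSandbox:
    """Constructed stand-in for the sandbox call; counts how often it is reached."""
    def __init__(self):
        self.calls = 0

    def __call__(self, stream):
        self.calls += 1
        if not stream.read().startswith(b"MZ"):  # toy rule, not the vendor's logic
            raise UnsupportedFileType()
        return {"verdict": "malicious", "ttps": ["T1059"]}  # constructed report

def demo():
    cache, sandbox = {}, FakeSandbox()
    sample = b"MZ" + b"\x00" * 64  # constructed bytes, not a real executable
    first = analyze_with_cache(io.BytesIO(sample), cache, sandbox)
    second = analyze_with_cache(io.BytesIO(sample), cache, sandbox)
    text = analyze_with_cache(io.BytesIO(b"plain text"), cache, sandbox)
    return first[1], second[1], text[1], sandbox.calls, len(cache)

if __name__ == "__main__":
    print(demo())
```

Keying the cache on the content hash rather than the filename means a renamed copy of an already analyzed file is answered from the cache and is not resubmitted.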

Vendors

Utils, Torq, Netskope

Workflow Output

When the file is supported for analysis, the result is shown on a webform; otherwise, a "File Type not supported" error is returned.

Tips

Netskope Sandbox only supports binary files.