Our SOC would like to go for a commercial malware sandbox (SaaS solution) in the future. For us it’s very important that InsightConnect supports the sandbox with a plugin that allows us to submit files/URLs and retrieve the analysis results. I was wondering if any of you has experience with the InsightConnect plugins that exist in that category in the library and can recommend one?
All of these have plugins; you can read the help documents to see what features would suit you best.
- Hybrid Analysis
- Joe Sandbox
- Any Run
Thank you. Did you actually test them or can you share your experiences with these plugins? Currently, we’re doing a POC with VMRay and the corresponding plugin has bugs (confirmed by support) and didn’t get any updates for more than a year.
We currently use Cisco’s Secure Malware Analytics (formerly ThreatGrid) but I’m still looking at how it’s possible to submit the actual sample via InsightConnect. I don’t see a tool that’ll carry the file over, only a hash.