JoeSandbox File Analysis
Submits an attachment or set of attachments associated with an Office 365 email to JoeSandbox for analysis.
Additional Documentation
📄 Source: JoeSandbox-Submit-File-Outlook-Attachment/readme.md
JoeSandbox File Analysis Playbook
Table of Contents
- Overview
- Deploy Playbook
- Authentication
- Prerequisites
- Deployment
- Post Deployment Steps
Overview
This playbook is triggered when a new email is received in the configured mailbox and performs the following actions:
- It fetches the attachment objects in the email.
- It iterates through them, submits each to JoeSandbox for analysis, and fetches the results for each file.
- All the details from JoeSandbox will be added as comments in a tabular format.

Links to deploy Playbook:

- Click on Deploy to Azure
- It will redirect to configuration page

- Please provide the values accordingly
| Fields | Description |
| --- | --- |
| Subscription | Select the appropriate Azure Subscription |
| Resource Group | Select the appropriate Resource Group |
| Region | Based on Resource Group this will be auto populated |
| Playbook Name | Please provide a playbook name, if needed |
| Workspace Name | Please provide Log Analytics Workspace Name |
| Workspace ID | Please provide Log Analytics Workspace ID |
| Function App Name | Please provide the JoeSandbox enrichment function app name |
- Once you provide the above values, please click on the Review + create button.
Authentication
Authentication methods this connector supports:
- API Key authentication
Prerequisites for using and deploying the playbook
- A JoeSandbox API Key.
- JoeSandbox Logic App Custom Connector should be installed.
Deployment instructions
- Deploy the playbook by clicking on the "Deploy to Azure" button. This will take you to the ARM Template deployment wizard.
- Fill in the required parameters for deploying the playbook.
- Click "Review + create". Once the validation is successful, click on "Create".
Post-Deployment instructions
- As a best practice, we have used the Sentinel connection in Logic Apps that use "ManagedSecurityIdentity" permissions. Please refer to this document and provide permissions to the Logic App accordingly.