icon-itdr.svg
ITDR

Enrichment Configuration Guide for Joe Sandbox

This configuration guide provides information on prerequisites and how to integrate Zscaler ITDR with Joe Sandbox to enhance events that are generated in the Zscaler ITDR Admin Portal with additional context.

Joe Sandbox is a cloud-based malware sandbox that detects and analyzes malware samples. You can send malware files to Joe Sandbox for testing and download reports for further analysis.

Prerequisites

Before you configure enrichment integration, ensure that you have:

  • Network connectivity from the ITDR Admin Portal to the Joe Sandbox API server.
  • An active Joe Sandbox account.
  • Obtained the Joe Sandbox API key. In the Joe Sandbox console, go to User Settings > API Key to obtain the API key.

Configuring Enrichment Integration with Joe Sandbox

To configure enrichment integration with Joe Sandbox:

  1. Go to Orchestrate > Enrich.
  2. Locate Joe Sandbox in the table, and click the Edit icon under the Actions column.

  3. In the Joe Sandbox window:

    1. Select Enabled.
    2. Enter the API key.

  4. Click Save.

    Enrichment integration with Joe Sandbox is enabled.

Related Articles
About Enrichment IntegrationEnrichment Configuration Guide for Hybrid AnalysisEnrichment Configuration Guide for Joe SandboxEnrichment Configuration Guide for Palo Alto Networks WildFireEnrichment Configuration Guide for ShadowserverEnrichment Configuration Guide for VirusTotal