ITDR
Enrichment Configuration Guide for Joe Sandbox
This configuration guide provides information on prerequisites and how to integrate Zscaler ITDR with Joe Sandbox to enhance events that are generated in the Zscaler ITDR Admin Portal with additional context.
Joe Sandbox is a cloud-based malware sandbox that detects and analyzes malware samples. You can send malware files to Joe Sandbox for testing and download reports for further analysis.
Prerequisites
Before you configure enrichment integration, ensure that you have:
- Network connectivity from the ITDR Admin Portal to the Joe Sandbox API server.
- An active Joe Sandbox account.
- Obtained the Joe Sandbox API key. In the Joe Sandbox console, go to User Settings > API Key to obtain the API key.
Configuring Enrichment Integration with Joe Sandbox
To configure enrichment integration with Joe Sandbox:
- Go to Orchestrate > Enrich.
Locate Joe Sandbox in the table, and click the Edit icon under the Actions column.
In the Joe Sandbox window:
- Select Enabled.
- Enter the API key.
Click Save.
Enrichment integration with Joe Sandbox is enabled.