Search Analyses
Retrieve analyses that match the given search parameters.
Basic Parameters
Parameter | Description |
---|---|
Query | A query to filter the search by. The query should contain the value of one of the supported fields. The query supports the following fields: md5, sha1, sha256, filename, threat name, URL, tags, comments. |
Advanced Parameters
Parameter | Description |
---|---|
Detection | The type of detection for the scan. |
File Name | The name of the file that was scanned. |
SHA256 | The SHA256 ID of the scan. |
URL | The URL that was scanned. |
Example Output
[{
"webid": "100",
"analysisid": "4",
"status": "finished",
"detection": "malicious",
"score": 42,
"classification": "",
"threatname": "Unknown",
"comments": "a sample comment",
"filename": "sample.exe",
"scriptname": "default.jbs",
"time": "2017-08-11T16:06:32+02:00",
"duration": 150,
"encrypted": false,
"md5": "0cbc6611f5540bd0809a388dc95a615b",
"sha1": "640ab2bae07bedc4c163f679a746f7ab7fb5d1fa",
"sha256": "532eaabd9574880 [...] 299550d7a6e0f345e25",
"tags": ["internal", "important"],
"runs": [{
"detection": "unknown",
"error": "Unable to run",
"system": "w7",
"yara": false,
"sigma": false,
"score": 1
}, {
"detection": "malicious",
"error": null,
"system": "w7x64",
"yara": false,
"sigma": false,
"score": 42
}]
}]
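The following is an added example, not part of the Joe Sandbox or integration documentation: it post-processes a result list shaped like the Example Output and flags analyses whose verdict rests on no completed run. The second record (web ID 101) and the function names `triage` and `malicious` are constructed for illustration.

```python
import json

# Constructed sample in the shape of the Example Output (hash fields left out).
SAMPLE = json.loads("""
[{"webid": "100", "status": "finished", "detection": "malicious", "score": 42,
  "filename": "sample.exe",
  "runs": [
    {"detection": "unknown", "error": "Unable to run", "system": "w7", "score": 1},
    {"detection": "malicious", "error": null, "system": "w7x64", "score": 42}]},
 {"webid": "101", "status": "finished", "detection": "unknown", "score": 1,
  "filename": "invoice.doc",
  "runs": [
    {"detection": "unknown", "error": "Unable to run", "system": "w7", "score": 1}]}]
""")


def triage(analyses):
    """Summarise each analysis and flag verdicts that rest on failed runs."""
    rows = []
    for a in analyses:
        runs = a.get("runs") or []
        failed = [r["system"] for r in runs if r.get("error")]
        completed = [r for r in runs if not r.get("error")]
        rows.append({
            "webid": a["webid"],
            "filename": a.get("filename"),
            "detection": a.get("detection"),
            "score": a.get("score"),
            "failed_systems": failed,
            # No completed run means the sample was never actually observed,
            # so the top-level detection should not be read as a verdict.
            "inconclusive": a.get("status") != "finished" or not completed,
        })
    return rows


def malicious(analyses):
    """Web IDs of analyses whose top-level detection is 'malicious'."""
    return [a["webid"] for a in analyses if a.get("detection") == "malicious"]


if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

Records marked `inconclusive` are candidates for resubmission on a different analysis system rather than for closing as benign.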
Workflow Library Example
Search Analyses with Joe Sandbox and Send Results Via Email