Skip to main content

Search Analyses

Retrieve analyses that match the given search parameters.

Basic Parameters

ParameterDescription
QueryA query to filter the search by. The query should contain the value of one of the supported fields.The query supports the following fields:md5, sha1, sha256, filename, threat name, URL, tags, comments.

Advanced Parameters

ParameterDescription
DetectionThe type of detection for the scan.
File NameThe name of the file that was scanned.
SHA256The SHA256 ID of the scan.
URLThe URL that was scanned.

Example Output

[{
"webid": "100",
"analysisid": "4",
"status": "finished",
"detection": "malicious",
"score": 42,
"classification": "",
"threatname": "Unknown",
"comments": "a sample comment",
"filename": "sample.exe",
"scriptname": "default.jbs",
"time": "2017-08-11T16:06:32+02:00",
"duration": 150,
"encrypted": false,
"md5": "0cbc6611f5540bd0809a388dc95a615b",
"sha1": "640ab2bae07bedc4c163f679a746f7ab7fb5d1fa",
"sha256": "532eaabd9574880 [...] 299550d7a6e0f345e25",
"tags": ["internal", "important"],
"runs": [{
"detection": "unknown",
"error": "Unable to run",
"system": "w7",
"yara": false,
"sigma": false,
"score": 1
}, {
"detection": "malicious",
"error": null,
"system": "w7x64",
"yara": false
"sigma": false,
"score": 42
}]
}]

Workflow Library Example

Search Analyses with Joe Sandbox and Send Results Via Email

Workflow LibraryPreview this Workflow on desktop