Retrieve analyses that match the given search parameters.

Note: At least one of the search parameters is required to perform the search.

External Documentation

To learn more, visit the Joe Sandbox documentation.

Parameters

ParameterDescription
DetectionThe type of detection to search for.
File NameThe name of the scanned file to search for.
MD5The MD5 value to search for.
QueryA query to filter the search by. The query supports searching across multiple fields including md5, sha1, sha256, filename, threat name, URL, tags, and comments.
SHA1The SHA1 value to search for.
SHA256The SHA256 value to search for.
Search MethodSelect whether to search by a query to search or use specific search properties.
URLThe scanned URL to search for.

Example Output

[
	{
		"webid": "100",
		"analysisid": "4",
		"status": "finished",
		"detection": "malicious",
		"score": 42,
		"classification": "",
		"threatname": "Unknown",
		"comments": "a sample comment",
		"filename": "sample.exe",
		"scriptname": "default.jbs",
		"time": "2017-08-11T16:06:32+02:00",
		"duration": 150,
		"encrypted": false,
		"md5": "0cbc6611f5540bd0809a388dc95a615b",
		"sha1": "640ab2bae07bedc4c163f679a746f7ab7fb5d1fa",
		"sha256": "532eaabd9574880 [...] 299550d7a6e0f345e25",
		"tags": [
			"internal",
			"important"
		],
		"runs": [
			{
				"detection": "unknown",
				"error": "Unable to run",
				"system": "w7",
				"yara": false,
				"sigma": false,
				"score": 1
			},
			{
				"detection": "malicious",
				"error": null,
				"system": "w7x64",
				"yara": false,
				"sigma": false,
				"score": 42
			}
		]
	}
]

Workflow Library Example

Search Analyses with Joe Sandbox and Send Results Via Email

Preview this Workflow on desktop