Skip to main content

Detonate File - JoeSecurity V2

This Playbook is part of the Joe Security Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.8.0 and later.

The Detonate File using Joe Sandbox Process is designed to streamline and enhance the security assessment of files. This automated system accepts a user-submitted file, sends it for in-depth analysis using Joe Sandbox technology, and returns comprehensive results as attachments to the user. The process is designed to be swift, efficient, and secure, providing users with valuable insights into potential threats and vulnerabilities within their files.


This playbook uses the following sub-playbooks, integrations, and scripts.


This playbook does not use any sub-playbooks.


  • JoeSecurityV2


  • Set


  • joe-submit-sample
  • joe-download-report
  • joe-analysis-info

Playbook Inputs#

NameDescriptionDefault ValueRequired
FileFile object of the file to detonate. The File is taken from the context.FileOptional
TimeoutThe default duration after which to stop polling and to resume the playbook (in seconds).900Optional
SystemsOperating system to run the analysis on (comma-separated). Supported values are: w7, w7x64, w7_1, w7_2, w7native, android2, android3, mac1, w7l, w7x64l, w10, android4, w7x64native, w7_3, w10native, android5native_1, w7_4, w7_5, w10x64, w7x64_hvm, android6, iphone1, w7_sec, macvm, w7_lang_packs, w7x64native_hvm, lnxubuntu1, lnxcentos1, android7_nougat (if no input is provided, the default is w10x64_office)Optional
CommentsComments for the analysis.Optional
ReportFileTypeThe resource type to download. Default is html. Supported values are: html, lighthtml, executive, pdf, classhtml, xml, lightxml, classxml, clusterxml, irxml, json, jsonfixed, lightjson, lightjsonfixed, irjson, irjsonfixed, shoots (screenshots), openioc, maec, misp, graphreports, memstrings, binstrings, sample, cookbook, bins (dropped files), unpackpe (unpacked PE files), unpack, ida, pcap, pcapslim, memdumps, yaraOptional

Playbook Outputs#

DBotScore.VendorThe vendor used to calculate the score.string
Joe.Analysis.IDWeb ID.string
Joe.Analysis.StatusAnalysis Status.string
Joe.Analysis.CommentsAnalysis Comments.string
Joe.Analysis.RunsSub-Analysis Information.unknown
Joe.Analysis.ResultAnalysis Results.string
Joe.Analysis.ErrorsRaised errors during sampling.unknown
Joe.Analysis.SystemsAnalysis OS.unknown
Joe.Analysis.MD5MD5 of analysis sample.string
Joe.Analysis.SHA1SHA1 of analysis sample.string
Joe.Analysis.SHA256SHA256 of analysis sample.string
Joe.Analysis.SampleNameSample Data, could be a file name or URL.string
DBotScore.IndicatorThe indicator that was tested.string
DBotScore.TypeThe indicator type.string
DBotScore.ScoreThe actual score.number
DBotScore.Malicious.VendorThe vendor used to calculate the score.string
DBotScore.Malicious.DetectionsThe sub analysis detection statuses.string
DBotScore.Malicious.SHA1The SHA1 of the file.string
InfoFile.EntryIDThe EntryID of the sample.string
InfoFile.SizeFile Size.number
InfoFile.TypeFile type e.g. "PE".string
InfoFile.InfoBasic information of the file.string
File.ExtensionFile Extension.string
InfoFileReport file object.unknown
FileFile object.unknown
Joe.AnalysisJoe Analysis object.unknown
DBotScoreDBotScore object.unknown
DBotScore.MaliciousDBotScore Malicious object.unknown
File.MD5The MD5 hash of the file.unknown
File.NameThe full file name.unknown
File.SHA1The SHA1 hash of the file.unknown
File.SHA256The SHA256 hash of the file.unknown

Playbook Image#

Detonate File - JoeSecurity V2