Response Action for generic submission of files to sandbox #357

oi-m8 · 2021-08-12T00:52:57Z

Many organisations tend to have an on-prem or online service that provides a sandbox for detonation of potentially malicious files. Would it be a good idea to have a RA for a generic submission of a file to a service like this?

yugoslavskiy · 2021-08-23T00:59:57Z

Hello @oi-m8! Thank you very much for your contribution! I am sorry for the delayed response.
We had a discussion on a similar proposal here:

Response actions should be more generic (tool agnostic).

At the moment there are multiple RAs for file analysis (RA2313: Analyse Windows PE, RA2315: Analyse Unix ELF etc).
Sandbox, RE, strings etc — these are all methods of file analysis, and could be a part of future sub-actions.

I will close the PR, but let's keep the issue open and get back to it as soon as we will move to sub-actions.

Thank you once again 🙏

oi-m8 mentioned this issue Aug 12, 2021

RA2321: submit file to sandbox #358

Closed

yugoslavskiy added the RA-dev Response Action development label Aug 23, 2021

yugoslavskiy self-assigned this Aug 23, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Response Action for generic submission of files to sandbox #357

Response Action for generic submission of files to sandbox #357

oi-m8 commented Aug 12, 2021

yugoslavskiy commented Aug 23, 2021

Response Action for generic submission of files to sandbox #357

Response Action for generic submission of files to sandbox #357

Comments

oi-m8 commented Aug 12, 2021

yugoslavskiy commented Aug 23, 2021