Joe Sandbox for Microsoft Sentinel
Publisher: Joe Security
Integrates Joe Sandbox threat intelligence and sandbox analysis results into Microsoft Sentinel
The Joe Sandbox for Microsoft Sentinel solution integrates Joe Sandbox threat intelligence and sandbox analysis capabilities with Microsoft Sentinel.
The solution enables ingestion of Joe Sandbox threat intelligence feeds into Microsoft Sentinel for indicator enrichment and correlation. In addition, it performs automated URL analysis on URL entities associated with Microsoft Sentinel incidents, retrieving sandbox analysis results and adding the relevant findings directly to incident comments to support investigation and triage.
The solution also includes file analysis playbooks that submit files to Joe Sandbox for detonation and analysis. The resulting behavioral and contextual information is returned to Microsoft Sentinel to assist analysts during incident investigation and response.
This integration helps security teams enrich indicators, incidents, and alerts with sandbox-driven threat intelligence and analysis results, improving visibility into malicious URLs and files within Microsoft Sentinel workflows.