
get_list_of_recent_analyses

Retrieve a summary of recent malware analysis submissions from Joe Sandbox Cloud, including detection scores, threat classifications, and metadata for follow-up investigation.

Instructions

List recent analyses submitted by the user.

This tool returns a summary of the most recent sandbox analyses performed in the current account. Each entry includes the submission ID and a minimal set of metadata useful for follow-up actions such as downloading artifacts or examining behavior.

By default, the tool returns the latest 20 analyses. You can override the `limit` parameter to retrieve more or fewer entries.

For each analysis, the following fields are returned:
- webid: Unique submission identifier.
- time: Timestamp of when the analysis was submitted.
- filename: Original submitted filename or URL.
- sha256: SHA-256 hash of the submitted object.
- score: Final detection score assigned by the sandbox.
- detection: Verdict (e.g., clean, suspicious, malicious).
- classification: Malware family or type (if available).
- threatname: Named threat label (e.g., campaign or actor), if detected.
- systems: List of sandbox systems the sample was run on.
- num_runs: Total number of sandbox executions (runs) for this submission.

Args:
    limit (optional, default = 20): The number of most recent analyses to return.

Returns:
    A list of dictionaries summarizing each recent analysis.

Input Schema

Name | Required | Description | Default
limit | No | |

Implementation Reference

  • The MCP tool handler for 'get_list_of_recent_analyses'. It defines the tool interface with input schema (limit: int=20), detailed documentation, and delegates execution to the core helper function via asyncio.to_thread.
    @mcp.tool()
    async def get_list_of_recent_analyses(limit: int = 20) -> List[Dict[str, Any]]:
        """
        List recent analyses submitted by the user.

        This tool returns a summary of the most recent sandbox analyses performed in the current account.
        Each entry includes the submission ID and a minimal set of metadata useful for follow-up actions
        such as downloading artifacts or examining behavior.

        By default, the tool returns the latest 20 analyses. You can override the `limit` parameter
        to retrieve more or fewer entries.

        For each analysis, the following fields are returned:
        - webid: Unique submission identifier.
        - time: Timestamp of when the analysis was submitted.
        - filename: Original submitted filename or URL.
        - sha256: SHA-256 hash of the submitted object.
        - score: Final detection score assigned by the sandbox.
        - detection: Verdict (e.g., clean, suspicious, malicious).
        - classification: Malware family or type (if available).
        - threatname: Named threat label (e.g., campaign or actor), if detected.
        - systems: List of sandbox systems the sample was run on.
        - num_runs: Total number of sandbox executions (runs) for this submission.

        Args:
            limit (optional, default = 20): The number of most recent analyses to return.

        Returns:
            A list of dictionaries summarizing each recent analysis.
        """
        return await asyncio.to_thread(list_recent_analyses, limit)
  • The core helper function that implements the logic to list recent analyses by paginating through Joe Sandbox API's analysis_list_paged() and fetching details for each via analysis_info(), collecting up to the specified limit.
    def list_recent_analyses(limit: int = 20) -> List[Dict[str, Any]]:
        jbx_client = get_client()
        results = []
        for each in jbx_client.analysis_list_paged():
            info = jbx_client.analysis_info(webid=each["webid"])
            systems = list({run.get("system") for run in info.get("runs", []) if run.get("system")})
            num_runs = len(info.get("runs", []))
            results.append({
                "webid": info.get("webid"),
                "time": info.get("time"),
                "filename": info.get("filename"),
                "sha256": info.get("sha256"),
                "score": info.get("score"),
                "detection": info.get("detection"),
                "classification": info.get("classification"),
                "threatname": info.get("threatname"),
                "systems": systems,
                "num_runs": num_runs,
            })
            if len(results) >= limit:
                break
        return results
  • jbxmcp/tools.py:2-17 (registration)
    The __all__ export list in tools.py includes 'get_list_of_recent_analyses', indicating it is part of the public API.
    __all__ = [
        'submit_analysis_job',
        'search_analysis',
        'get_analysis_info',
        'get_ai_summaries',
        'get_dropped_info',
        'get_domain_info',
        'get_ip_info',
        'get_url_info',
        'get_signature_info',
        'get_unpacked_files',
        'get_pcap_file',
        'get_list_of_recent_analyses',
        'get_process_info',
        'get_memory_dumps'
    ]
  • jbxmcp/core.py:1-14 (registration)
    The __all__ export list in core.py includes 'list_recent_analyses', the helper used by the tool.
    __all__ = [
        'initialize_client',
        'get_client',
        'AsyncReportCache',
        'report_cache',
        'get_or_fetch_report',
        'make_search_request',
        'make_submission',
        'query_analysis_info',
        'extract_process_tree',
        'download_unpacked_files',
        'download_pcap_file',
        'list_recent_analyses',
        'get_indicators',
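
The helper above makes one `analysis_info()` call per returned entry and checks `limit` only after appending, so a caller-supplied `limit` drives the number of API requests. The following added example (not the project's code) reproduces that loop against a stub client and compares it with a variant that validates `limit` first; `StubClient`, `MAX_LIMIT`, `page_loop`, `bounded_loop` and the sample system name are assumptions made for illustration.

```python
from typing import Any, Dict, Iterator, List

MAX_LIMIT = 100  # assumed ceiling for this example, not a value from the project


class StubClient:
    """Constructed stand-in for the Joe Sandbox client; counts detail calls."""

    def __init__(self, total: int) -> None:
        self.total = total
        self.info_calls = 0

    def analysis_list_paged(self) -> Iterator[Dict[str, Any]]:
        for i in range(self.total):
            yield {"webid": str(1000 + i)}  # constructed webids

    def analysis_info(self, webid: str) -> Dict[str, Any]:
        self.info_calls += 1
        return {"webid": webid, "runs": [{"system": "w10x64"}]}  # constructed


def page_loop(client: StubClient, limit: int) -> List[str]:
    """Same control flow as the helper above: append first, then test the limit."""
    results = []
    for each in client.analysis_list_paged():
        results.append(client.analysis_info(webid=each["webid"])["webid"])
        if len(results) >= limit:
            break
    return results


def bounded_loop(client: StubClient, limit: Any) -> List[str]:
    """Validate the caller-supplied limit before any API call is made."""
    if isinstance(limit, bool) or not isinstance(limit, int):
        raise TypeError("limit must be an integer")
    if limit < 1:
        return []  # zero or negative: nothing requested, no API traffic
    limit = min(limit, MAX_LIMIT)  # cap the per-call request fan-out
    results = []
    for each in client.analysis_list_paged():
        results.append(client.analysis_info(webid=each["webid"])["webid"])
        if len(results) >= limit:
            break
    return results
```

With the original control flow, `limit=0` or a negative value still returns one entry, and a very large value walks the whole account history with one detail request per analysis.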


MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/joesecurity/joesandboxMCP'

If you have feedback or need assistance with the MCP directory API, please join our Discord server