search_analysis
Search JoeSandbox Cloud malware analyses using structured parameters like hash values, filenames, URLs, threat names, detection status, and date ranges to identify and investigate security threats.
Instructions
Search the JoeSandbox Cloud for malware analyses using structured search parameters.
Args:
- md5, sha1, sha256: Exact match
- filename, url, tag, comments, ioc_url, ioc_dropped_file: Substring match
- detection: One of 'clean', 'suspicious', 'malicious', 'unknown'
- threatname: Exact match
- before_date, after_date: ISO 8601 format (YYYY-MM-DD). These are exclusive (the date itself is not included).
- ioc_domain, ioc_public_ip: Exact match
Notes:
- You must provide at least one of the supported parameters.
- If multiple parameters are provided, all conditions must match (AND logic).
- Searches are case-insensitive.
- On the Cloud version, date comparisons use the CET/CEST time zone.
- The 'q' parameter is not supported and should not be used.
Examples:
{"md5": "661f3e4454258ca6ab1a4c31742916c0"}
{"threatname": "agenttesla", "before_date": "2024-12-01"}
{"filename": "agent.exe", "detection": "malicious"}
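To make the matching rules concrete, here is an added example (not JoeSandbox's own code or client): it validates a parameter set against the rules above and applies the same exact/substring, AND, case-insensitive and exclusive-date semantics locally to constructed sample records. The record layout and the `analysis_date` field are assumptions made for the example.

```python
from datetime import date

# Parameter classes taken from the Args list above.
EXACT = {"md5", "sha1", "sha256", "threatname", "ioc_domain", "ioc_public_ip", "detection"}
SUBSTRING = {"filename", "url", "tag", "comments", "ioc_url", "ioc_dropped_file"}
DATES = {"before_date", "after_date"}
DETECTIONS = {"clean", "suspicious", "malicious", "unknown"}

# Constructed sample records (not real analyses); hashes are placeholders.
SAMPLE_RECORDS = [
    {"sha256": "placeholder-1", "filename": "Agent.EXE", "detection": "malicious",
     "threatname": "AgentTesla", "analysis_date": "2024-11-30"},
    {"sha256": "placeholder-2", "filename": "agent_update.exe", "detection": "suspicious",
     "threatname": "AgentTesla", "analysis_date": "2024-12-01"},
    {"sha256": "placeholder-3", "filename": "report.pdf", "detection": "clean",
     "threatname": "", "analysis_date": "2024-12-02"},
]

def validate(params):
    """Reject parameter sets the tool documents as unsupported."""
    unknown = set(params) - (EXACT | SUBSTRING | DATES)
    if unknown:  # e.g. the unsupported 'q' parameter
        raise ValueError(f"unsupported parameter(s): {sorted(unknown)}")
    if not params:
        raise ValueError("at least one search parameter is required")
    if "detection" in params and params["detection"].lower() not in DETECTIONS:
        raise ValueError(f"detection must be one of {sorted(DETECTIONS)}")
    for key in DATES & set(params):
        date.fromisoformat(params[key])  # raises ValueError unless YYYY-MM-DD
    return True

def matches(record, params):
    """AND every condition; case-insensitive; date bounds are exclusive."""
    analysis_day = date.fromisoformat(record["analysis_date"])
    for key, wanted in params.items():
        if key in DATES:
            limit = date.fromisoformat(wanted)
            ok = analysis_day < limit if key == "before_date" else analysis_day > limit
        else:
            have = record.get(key, "").lower()
            ok = wanted.lower() in have if key in SUBSTRING else wanted.lower() == have
        if not ok:
            return False
    return True

def search(records, params):
    """Validate, then return the sha256 of every record matching all params."""
    validate(params)
    return [r["sha256"] for r in records if matches(r, params)]
```

The second sample record is dated exactly 2024-12-01, so it drops out of a `before_date: 2024-12-01` search, which is the exclusive behaviour the Notes describe.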
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| md5 | No | Exact match | |
| sha1 | No | Exact match | |
| sha256 | No | Exact match | |
| filename | No | Substring match | |
| url | No | Substring match | |
| tag | No | Substring match | |
| comments | No | Substring match | |
| ioc_url | No | Substring match | |
| ioc_dropped_file | No | Substring match | |
| detection | No | One of 'clean', 'suspicious', 'malicious', 'unknown' | |
| threatname | No | Exact match | |
| before_date | No | ISO 8601 date (YYYY-MM-DD), exclusive | |
| after_date | No | ISO 8601 date (YYYY-MM-DD), exclusive | |
| ioc_domain | No | Exact match | |
| ioc_public_ip | No | Exact match | |